CVE-2025-33179: Privilege Escalation via NVUE Interface in NVIDIA Cumulus Linux
CVE-2025-33179 Published on February 24, 2026
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges.
Vulnerability Analysis
Weakness Type
Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2025-33179
Want to know whenever a new CVE is published for NVIDIA Cumulus Linux? stack.watch will email you.
Affected Versions
NVIDIA Cumulus Linux GA:- Version All versions prior to 5.14 (5.13.x, 5.12.x, and older GA versions) is affected.
- Version All versions prior to 5.11.4 is affected.
- Version All versions prior to 5.9.4 is affected.
- Version All versions prior to 1.3 - 25.02.244 is affected.
- Version All versions prior to 25.02.4282 is affected.
- Version All versions prior to 25.02.5030 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.