Command Injection Vulnerability in NVIDIA Cumulus Linux and NVOS Products
CVE-2025-33181

7.3HIGH

Key Information:

Vendor

Nvidia
Status
Cumulus Linux Ga
Cumulus Linux Lts
Nvos
Vendor
CVE Published:
24 February 2026

What is CVE-2025-33181?

NVIDIA Cumulus Linux and NVOS products contain a command injection vulnerability within the NVUE interface. This issue allows low-privileged users to inject arbitrary commands, potentially leading to unauthorized privilege escalation. Exploiting this vulnerability could allow attackers to execute commands with elevated permissions, posing significant risks to system integrity and security. Users are advised to review their configurations and apply necessary updates to mitigate potential threats.

Affected Version(s)

Cumulus Linux GA Cumulus Linux(5.14) All versions prior to 5.14 (5.13.x, 5.12.x, and older GA versions)

Cumulus Linux LTS Cumulus Linux(5.11) All versions prior to 5.11.4

Cumulus Linux LTS Cumulus Linux(5.9) All versions prior to 5.9.4

References

https://nvd.nist.gov/vuln/detail/CVE-2025-33181
https://www.cve.org/CVERecord?id=CVE-2025-33181
https://nvidia.custhelp.com/app/answers/detail/a_id/5722

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.