NVIDIA: NVIDIA CUDA Toolkit Vulnerability Enables Command Injection and Arbitrary Code Execution

NVIDIA Patches High-Severity Vulnerabilities in CUDA Toolkit

NVIDIA has released a security update addressing four medium- to high-severity vulnerabilities in its CUDA Toolkit that could enable attackers to execute arbitrary code, escalate privileges, and compromise system integrity. The flaws affect the NVIDIA Nsight Systems and Nsight Visual Studio Edition developer tools, which are widely used by researchers, engineers, and data center administrators.

The vulnerabilities, disclosed on January 20, 2026, include command injection and DLL loading flaws with CVSS scores ranging from 6.7 to 7.3. The most severe issue, CVE-2025-33228 (CVSS 7.3, the top of that range), affects NVIDIA Nsight Systems: crafted input to the process_nsys_rep_cli.py script of the gfx_hotspot recipe lets an attacker inject OS commands, leading to code execution with elevated privileges.

Other vulnerabilities include:

  • CVE-2025-33230: A command injection flaw in the Linux installer of Nsight Systems, where a crafted installation path can trigger arbitrary command execution.
  • CVE-2025-33231: An uncontrolled DLL search path on Windows, which lets an attacker who can place a malicious DLL in a searched directory have it loaded with the application's privileges.
  • CVE-2025-33229: A privilege escalation flaw in the Monitor component of Nsight Visual Studio Edition, allowing a local attacker to execute code with elevated privileges.
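Both CVE-2025-33228 (a report path fed to process_nsys_rep_cli.py) and CVE-2025-33230 (an installation path fed to the Linux installer) belong to the same bug class: an attacker-controlled path ends up inside a string that a system shell parses. The block below is an added illustration of that class and its fixes; it is not NVIDIA's code and does not reproduce the actual Nsight scripts. The function names, the `echo processing` stand-in for the real tool invocation, and the sample paths are all constructed for the example; the payload `; echo INJECTED` stands in for whatever command an attacker would append.

```python
import re
import shlex
import subprocess

# Constructed sample inputs (not from the advisory): a benign report path and
# one carrying a shell-metacharacter payload.
BENIGN_PATH = "profile.nsys-rep"
MALICIOUS_PATH = "profile.nsys-rep; echo INJECTED"


def vulnerable_process_report(report_path: str) -> str:
    """Bug class: the caller-supplied path is interpolated into a command string
    that is handed to the system shell. The shell interprets ';', so the
    intended command ends there and the attacker's command runs next.
    'echo processing' is a hypothetical stand-in for the real tool."""
    cmd = f"echo processing {report_path}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def argv_process_report(report_path: str) -> str:
    """Fix 1: pass the path as its own argv element with shell=False.
    No shell parses the string, so the payload stays a literal file name."""
    return subprocess.run(
        ["echo", "processing", report_path], capture_output=True, text=True
    ).stdout


def quoted_shell_process_report(report_path: str) -> str:
    """Fix 2 (only when a shell really is required): shlex.quote each untrusted
    value so the shell sees a single word rather than a command separator."""
    cmd = "echo processing " + shlex.quote(report_path)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Allowlist of characters a report path may contain (hypothetical policy).
_SAFE_PATH = re.compile(r"[A-Za-z0-9._/-]+")


def is_valid_report_path(report_path: str) -> bool:
    """Fix 3 (defense in depth): allowlist the characters, require the expected
    extension and refuse '..' path components."""
    return (
        _SAFE_PATH.fullmatch(report_path) is not None
        and report_path.endswith(".nsys-rep")
        and ".." not in report_path.split("/")
    )


def hardened_process_report(report_path: str) -> str:
    """Validation plus argv-style invocation: reject bad input early and never
    hand the path to a shell."""
    if not is_valid_report_path(report_path):
        raise ValueError(f"rejected report path: {report_path!r}")
    return argv_process_report(report_path)


def was_injected(output: str) -> bool:
    """True if the payload ran as its own command, i.e. INJECTED appears on a
    line of its own rather than inside the echoed path."""
    return "INJECTED" in output.splitlines()


if __name__ == "__main__":
    print("shell=True  :", repr(vulnerable_process_report(MALICIOUS_PATH)))
    print("argv list   :", repr(argv_process_report(MALICIOUS_PATH)))
    print("shlex.quote :", repr(quoted_shell_process_report(MALICIOUS_PATH)))
    print("validated   :", is_valid_report_path(MALICIOUS_PATH), is_valid_report_path(BENIGN_PATH))
```

Run on a POSIX system: the `shell=True` variant prints `INJECTED` on its own line, while the argv and `shlex.quote` variants print the whole payload as part of the path. The argv form is the fix to prefer; quoting is the fallback when a shell is unavoidable, and the allowlist catches malformed paths before they reach either.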

Affected versions include CUDA Toolkit up to 13.1 on both Windows and Linux. NVIDIA has released patches in the latest update, urging users to upgrade immediately. Unpatched systems remain at risk, particularly in research institutions, AI development teams, and data centers handling sensitive workloads.

The vulnerabilities were responsibly disclosed by security researcher pwni. Organizations are advised to prioritize patching, especially in environments processing proprietary models or classified data. Additional details are available on NVIDIA’s Product Security page.

Source: https://cyberpress.org/nvidia-cuda-toolkit-vulnerability-enables-command-injection-and-arbitrary-code-execution/

NVIDIA cybersecurity rating report: https://www.rankiteo.com/company/nvidia

"id": "NVI1769095320",
"linkid": "nvidia",
"type": "Vulnerability",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Researchers, engineers, data '
                                              'center administrators, AI '
                                              'development teams, research '
                                              'institutions',
                        'industry': 'Technology/Semiconductors',
                        'name': 'NVIDIA',
                        'type': 'Company'}],
 'attack_vector': ['Command Injection',
                   'DLL Loading Flaw',
                   'Privilege Escalation'],
 'customer_advisories': 'Users are urged to upgrade to the latest patched '
                        'version of CUDA Toolkit.',
 'date_publicly_disclosed': '2026-01-20',
 'description': 'NVIDIA has released a critical security update addressing '
                'four high-severity vulnerabilities in its CUDA Toolkit, which '
                'could enable attackers to execute arbitrary code, escalate '
                'privileges, and compromise system integrity. The flaws impact '
                'NVIDIA Nsight Systems and Nsight Visual Studio Edition '
                'development tools widely used by researchers, engineers, and '
                'data center administrators.',
 'impact': {'operational_impact': 'Potential compromise of system integrity, '
                                  'arbitrary code execution, and privilege '
                                  'escalation',
            'systems_affected': 'NVIDIA Nsight Systems, Nsight Visual Studio '
                                'Edition, CUDA Toolkit (up to 13.1)'},
 'post_incident_analysis': {'corrective_actions': 'Patching the identified '
                                                  'vulnerabilities in CUDA '
                                                  'Toolkit',
                            'root_causes': 'Command injection and DLL loading '
                                           'vulnerabilities in NVIDIA '
                                           'development tools'},
 'recommendations': 'Organizations are advised to prioritize patching, '
                    'especially in environments processing proprietary models '
                    'or classified data.',
 'references': [{'source': 'NVIDIA Product Security Page',
                 'url': 'https://nvidia.com/security'}],
 'response': {'communication_strategy': 'Public disclosure on NVIDIA’s Product '
                                        'Security page',
              'containment_measures': 'Released security patches in the latest '
                                      'CUDA Toolkit update',
              'remediation_measures': 'Urged users to upgrade to the latest '
                                      'patched version'},
 'title': 'NVIDIA Patches High-Severity Vulnerabilities in CUDA Toolkit',
 'type': 'Vulnerability',
 'vulnerability_exploited': ['CVE-2025-33228',
                             'CVE-2025-33230',
                             'CVE-2025-33231',
                             'CVE-2025-33229']}