CVE-2025-33179 – This vulnerability in NVIDIA Cumulus Linux and ... (How to Fix)

Q: What is the severity of CVE-2025-33179?

CVE-2025-33179 has a CVSS score of 8.0 (HIGH). This vulnerability in NVIDIA Cumulus Linux and NVOS allows low-privileged users to execute unauthorized commands through the NVUE interface, potentially leading to privilege escalation. It affects organizations using these networking products with the vulnerable configuration enabled. The vulnerability stems from improper privilege management (CWE-266).

📋 TL;DR

This vulnerability in NVIDIA Cumulus Linux and NVOS allows low-privileged users to execute unauthorized commands through the NVUE interface, potentially leading to privilege escalation. It affects organizations using these networking products with the vulnerable configuration enabled. The vulnerability stems from improper privilege management (CWE-266).

💻 Affected Systems

Products:

NVIDIA Cumulus Linux
NVIDIA NVOS

Versions: Cumulus Linux 5.0.0 through 5.9.0, NVOS 10.5.0 through 10.7.0

Operating Systems: Linux-based network OS

Default Config Vulnerable: ⚠️ Yes

Notes: Requires NVUE interface to be enabled and accessible to low-privileged users.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with low-privileged access could gain full administrative control over the network device, potentially compromising the entire network infrastructure.

🟠

Likely Case

Malicious insiders or compromised low-privileged accounts could escalate privileges to modify network configurations, intercept traffic, or disrupt network operations.

🟢

If Mitigated

With proper access controls and network segmentation, impact would be limited to the affected device only.

🌐 Internet-Facing: LOW - NVUE interface is typically not exposed to the internet in standard configurations.

🏢 Internal Only: HIGH - Internal attackers or compromised accounts can exploit this vulnerability to gain administrative privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires existing low-privileged access to the NVUE interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Cumulus Linux 5.9.1+, NVOS 10.7.1+

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5722

Restart Required: Yes

Instructions:

1. Download the latest patch from NVIDIA support portal. 2. Backup current configuration. 3. Apply the patch using standard upgrade procedures. 4. Reboot the device. 5. Verify the fix is applied.

🔧 Temporary Workarounds

Disable NVUE Interface

linux

Disable the NVUE interface if not required for operations

nv set service nvue disable
nv config apply

Restrict NVUE Access

linux

Limit NVUE interface access to administrative users only

configure user access controls via TACACS+/RADIUS or local user management

🧯 If You Can't Patch

Implement strict network segmentation to isolate affected devices
Enforce principle of least privilege and monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check current version: nv version | grep -E 'Cumulus|NVOS'

Check Version:

nv version

Verify Fix Applied:

Verify version is 5.9.1+ for Cumulus Linux or 10.7.1+ for NVOS

📡 Detection & Monitoring

Log Indicators:

Unauthorized command execution attempts in NVUE logs
Privilege escalation patterns in system logs

Network Indicators:

Unusual administrative traffic from non-admin IP addresses

SIEM Query:

source="nvue" AND (event="command_execution" OR event="privilege_change") AND user!="admin"

📊 Metadata

CVE ID: CVE-2025-33179

CVSS v3 Score: 8.0 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-266

Published: February 24, 2026

Last Updated: February 27, 2026

🔗 References

https://nvd.nist.gov/vuln/detail/CVE-2025-33179 Third Party Advisory,US Government Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5722 Vendor Advisory
https://www.cve.org/CVERecord?id=CVE-2025-33179 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-33179, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Cumulus Linux by Nvidia

Cumulus Linux by Nvidia

Cumulus Linux by Nvidia

Nvos by Nvidia

Nvos by Nvidia

Nvos by Nvidia

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable NVUE Interface

Restrict NVUE Access

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities