CVE-2025-33230
📋 TL;DR
This vulnerability allows attackers to execute arbitrary operating system commands by injecting malicious strings into the installation path parameter of the NVIDIA Nsight Systems for Linux installer. It affects users installing or upgrading Nsight Systems on Linux systems. Successful exploitation could lead to full system compromise.
💻 Affected Systems
- NVIDIA Nsight Systems
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with root privileges, allowing complete control over the affected system, data exfiltration, and lateral movement within the network.
Likely Case
Local privilege escalation to root, enabling installation of persistent backdoors, data theft, and system manipulation.
If Mitigated
Limited impact if the installer is run with minimal privileges and in isolated environments, though command injection could still affect the user's context.
🎯 Exploit Status
Exploitation requires local access or ability to influence installation parameters. The vulnerability is in the installer script itself.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2025.3.1 and later
Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5755
Restart Required: No
Instructions:
1. Download the latest version of Nsight Systems from NVIDIA's official website.
2. Verify the checksum of the downloaded file.
3. Run the updated installer with appropriate privileges.
4. Remove any older vulnerable versions.
🔧 Temporary Workarounds
Use package manager installation
Install Nsight Systems through official package repositories instead of using the .run installer
sudo apt-get update
sudo apt-get install nsight-systems
Validate installation path
Manually validate and sanitize the installation path before running the installer
# Ensure the installation path contains only alphanumeric characters, dots, dashes, underscores, and slashes
INSTALL_PATH="/opt/nvidia/nsight-systems"
if [[ ! "$INSTALL_PATH" =~ ^[a-zA-Z0-9._/-]+$ ]]; then echo "Invalid path" >&2; exit 1; fi
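A stricter form of the path check above, as an added example that is not part of NVIDIA's installer or advisory: besides the character allowlist it requires an absolute path and rejects `.`/`..` components and components beginning with `-`. The function name `validate_install_path` and the sample paths are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not NVIDIA's code): allowlist check for an installer target
# directory. validate_install_path is a hypothetical helper name.

# The function body is a subshell "( ... )", so LC_ALL and "exit" stay local
# to the check and do not affect the calling script.
validate_install_path() (
    LC_ALL=C            # treat A-Z / a-z as byte ranges, whatever the user locale
    path=$1

    # 1. Must be a non-empty absolute path.
    case $path in
        /*) ;;
        *)  exit 1 ;;
    esac

    # 2. Allowlist: reject any character outside letters, digits, ".", "_",
    #    "-" and "/". This covers spaces, quotes, newlines and shell
    #    metacharacters such as ; | & $ ` ( ) < >.
    case $path in
        *[!A-Za-z0-9._/-]*) exit 1 ;;
    esac

    # 3. Reject "." and ".." components, and components that start with "-"
    #    (a script could mistake those for an option).
    case "$path/" in
        */./*|*/../*|*/-*) exit 1 ;;
    esac

    exit 0
)

# Constructed sample inputs, for illustration only.
for candidate in "/opt/nvidia/nsight-systems" "/opt/nsight;true" "opt/nsight" "/opt/../etc"; do
    if validate_install_path "$candidate"; then
        echo "accept: $candidate"
    else
        echo "reject: $candidate"
    fi
done
```

Only pass the path to the installer after the function returns success, and keep the variable quoted wherever it is used.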
🧯 If You Can't Patch
- Run the installer in an isolated container or VM with no network access
- Monitor for suspicious process execution during installation
🔍 How to Verify
Check if Vulnerable:
Check whether the Nsight Systems version is older than 2025.3.1 by examining the installer filename or the installed version
Check Version:
nsys --version
Verify Fix Applied:
Verify the installed version is 2025.3.1 or newer and that the installer was downloaded from NVIDIA's official source
📡 Detection & Monitoring
Log Indicators:
- Unusual process execution during Nsight Systems installation
- Shell commands with unusual arguments in installation logs
- Failed installation attempts with suspicious path parameters
Network Indicators:
- Outbound connections from installer process to unexpected destinations
SIEM Query:
process_name="nsight*" AND (command_line CONTAINS "||" OR command_line CONTAINS ";" OR command_line CONTAINS "`")