CVE-2025-33229

{"id": "CVE-2025-33229", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-33229", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-01-21T04:55:27.643743Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}]}, "affected": [{"source": "psirt@nvidia.com", "affectedData": [{"vendor": "NVIDIA", "product": "CUDA Toolkit", "versions": [{"status": "affected", "version": "All versions prior to CUDA Toolkit 13.1"}], "platforms": ["Windows", "Linux"], "defaultStatus": "unaffected"}]}], "published": "2026-01-20T18:16:02.500", "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33229", "tags": ["US Government Resource", "VDB Entry"], "source": "psirt@nvidia.com"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5755", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@nvidia.com"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-33229", "tags": ["Third Party Advisory"], "source": "psirt@nvidia.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure."}, {"lang": "es", "value": "NVIDIA Nsight Visual Studio para Windows contiene una vulnerabilidad en Nsight Monitor donde un atacante puede ejecutar c\u00f3digo arbitrario con los mismos privilegios que la aplicaci\u00f3n NVIDIA Nsight Visual Studio Edition Monitor. Un exploit exitoso de esta vulnerabilidad puede conducir a escalada de privilegios, ejecuci\u00f3n de c\u00f3digo, manipulaci\u00f3n de datos, denegaci\u00f3n de servicio y revelaci\u00f3n de informaci\u00f3n."}], "lastModified": "2026-06-17T09:13:16.530", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D53794E-E526-471B-94F5-F9BCC26C1BC1", "versionEndExcluding": "13.1.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}