NVIDIA has patched critical vulnerabilities in its CUDA Toolkit that expose developers and GPU-accelerated systems to command injection and arbitrary code execution risks.
Released on January 20, 2026, the update addresses four flaws in Nsight Systems and related tools, all tied to the CUDA Toolkit ecosystem.
Attackers could exploit these via malicious inputs during manual script invocation or insecure paths, leading to privilege escalation, data tampering, denial of service (DoS), and information leaks.
Affected versions span all prior to CUDA Toolkit 13.1 on Windows and Linux. Users must upgrade immediately from the official CUDA Toolkit Downloads page.
These issues primarily impact developers using NVIDIA’s profiling and debugging tools like Nsight Systems and Nsight Visual Studio Edition.
The flaws stem from poor input validation and insecure DLL loading, allowing local attackers with low privileges to inject OS commands or load malicious libraries.
No remote exploitation is possible, as vectors require local access, low privileges, user interaction (like running scripts manually), and low attack complexity (CVSS: AV:L/AC:L/PR:L/UI:R/S:U).
Despite this, the high impact scores (7.3 for three CVEs, 6.7 for one) highlight severe consequences in shared environments, such as data centers or multi-user dev setups. NVIDIA credits researcher “pwni” for disclosure.
Vulnerability Breakdown and Technical Details
Here’s a structured overview of the CVEs, including CVSS v3.1 vectors, CWE classifications, and potential impacts:
| CVE ID | Description | CVSS Vector | Base Score | Severity | CWE | Impacts |
|---|---|---|---|---|---|---|
| CVE-2025-33228 | OS command injection in Nsight Systems’ gfx_hotspot recipe via malicious string in process_nsys_rep_cli.py script. | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 7.3 | High | 78 | Code exec, priv esc, data tamper, DoS, info disclosure |
| CVE-2025-33229 | Arbitrary code exec in Nsight Visual Studio Monitor via exploited privileges. | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 7.3 | High | 427 | Priv esc, code exec, data tamper, DoS, info disclosure |
| CVE-2025-33230 | OS command injection in Nsight Systems Linux .run installer via malicious install path. | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 7.3 | High | 78 | Priv esc, code exec, data tamper, DoS, info disclosure |
| CVE-2025-33231 | Uncontrolled search path in Nsight Systems Windows DLL loading, enabling malicious DLL exec. | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 6.7 | Medium | 427 | Code exec, priv esc, data tamper, DoS, info disclosure |
No Indicators of Compromise (IoCs) Reported: NVIDIA’s bulletin does not list specific hashes, IPs, or file paths for exploitation artifacts.
Monitor for anomalous Nsight script executions or DLL loads in toolkit directories. Proof-of-concept exploits remain unreleased publicly, but local testing could involve crafting malicious strings for process_nsys_rep_cli.py or installer paths.
Mitigation and Recommendations
Upgrade to CUDA Toolkit 13.1, which remediates all four CVEs. Earlier releases remain vulnerable verify your version via nvcc --version or the toolkit release notes.
For Linux .run installs, avoid custom paths with untrusted input; on Windows, enforce secure DLL search order via manifests or environment vars like SAFE_DLL_SEARCH_MODE=1.
NVIDIA assesses risk as average across installations but urges tailored evaluations, especially for air-gapped or high-privilege dev machines. Track updates via NVIDIA Product Security subscriptions. Report issues to NVIDIA Support.
This patch underscores risks in developer tools, where manual scripting amplifies local attack surfaces. AI/ML workflows relying on CUDA should prioritize patching to avert insider or supply-chain threats.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.