CVE-2025-33228: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in NVIDIA CUDA Toolkit
NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.
AI Analysis
Technical Summary
CVE-2025-33228 is an OS command injection vulnerability classified under CWE-78 found in NVIDIA Nsight Systems, a performance analysis tool within the CUDA Toolkit. The vulnerability resides in the gfx_hotspot recipe, specifically in the process_nsys_rep_cli.py script. When this script is invoked manually, it improperly neutralizes special elements in input strings, allowing an attacker to inject arbitrary OS commands. Successful exploitation can lead to arbitrary code execution, escalation of privileges, tampering with data, denial of service conditions, and unauthorized information disclosure. The vulnerability affects all versions of the CUDA Toolkit prior to 13.1. The CVSS v3.1 score is 7.3, indicating high severity, with attack vector local (AV:L), low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The scope remains unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). No public exploits have been reported yet, but the vulnerability poses a significant risk in environments where the script is manually invoked, such as during custom performance analysis workflows or automated scripts that call this tool. The vulnerability highlights the risk of improper input sanitization in command-line tools that interact with OS commands, especially in specialized software like GPU performance analysis suites.
Potential Impact
The impact of this vulnerability is substantial for organizations relying on NVIDIA CUDA Toolkit and Nsight Systems for GPU-accelerated computing, including sectors such as artificial intelligence, scientific research, high-performance computing, and data centers. Exploitation could allow attackers with local access to execute arbitrary commands with the privileges of the user running the script, potentially escalating privileges further. This could lead to unauthorized modification or deletion of critical data, disruption of GPU-accelerated workloads, and exposure of sensitive information. Denial of service conditions could impair performance analysis and debugging activities, delaying development and operational processes. Since the vulnerability requires manual invocation of the vulnerable script, the risk is higher in environments where users or automated systems run this script frequently. The overall operational security posture could be compromised, especially in multi-user systems or shared computing environments.
Mitigation Recommendations
To mitigate this vulnerability, organizations should upgrade to CUDA Toolkit version 13.1 or later, where the issue is resolved. Until patching is possible, restrict access to the process_nsys_rep_cli.py script to trusted users only and avoid manual invocation with untrusted input. Implement strict input validation and sanitization controls on any scripts or automation that invoke this tool. Employ the principle of least privilege to limit user permissions on systems running Nsight Systems. Monitor logs for unusual invocations of the gfx_hotspot recipe or the process_nsys_rep_cli.py script. Consider isolating GPU performance analysis environments from critical production systems to reduce risk exposure. Additionally, educate users about the risks of running scripts with untrusted input and enforce multi-factor authentication and endpoint security controls to reduce the likelihood of local privilege escalation.
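One way to apply the input-validation advice above in automation that calls the script, as an added example that is not NVIDIA's code: it allowlists the report name before anything reaches process_nsys_rep_cli.py. The script path, the single positional argument and the .nsys-rep naming rule are assumptions.

```python
import re
import subprocess
import sys
import tempfile
from pathlib import Path

# Placeholder: the script's location depends on the install; not from the page.
SCRIPT = Path("/path/to/process_nsys_rep_cli.py")

# Allowlist for the report name: must start with a letter or digit (so it can
# never parse as an option), then letters, digits, '.', '_' or '-'. Spaces,
# quotes, ';', '|', '&', '$', backticks, slashes and newlines all fail.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}\.nsys-rep")

def validate_report(name: str, report_dir: Path) -> str:
    """Return name unchanged if it is safe to hand on, else raise ValueError."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError(f"rejected report name: {name!r}")
    candidate = report_dir / name
    if candidate.is_symlink() or not candidate.is_file():
        raise ValueError(f"not a regular file in {report_dir}: {name!r}")
    return name

def build_argv(name: str) -> list:
    # Assumed argument layout (one positional report name); adjust to the real CLI.
    return [sys.executable, str(SCRIPT), name]

def run_recipe(name: str, report_dir: Path) -> None:
    # No shell in the wrapper, but the flaw is inside the script, so the
    # allowlist above, not the argv list, is what keeps metacharacters out.
    argv = build_argv(validate_report(name, report_dir))
    subprocess.run(argv, cwd=report_dir, shell=False, check=True, timeout=600)

def demo() -> dict:
    """Constructed inputs: one existing report name and three hostile strings."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "run1.nsys-rep").write_bytes(b"")  # constructed empty file
        for s in ["run1.nsys-rep", "run1.nsys-rep; id", "$(id).nsys-rep", "-o.nsys-rep"]:
            try:
                results[s] = build_argv(validate_report(s, Path(d)))[-1]
            except ValueError:
                results[s] = None
    return results

if __name__ == "__main__":
    print(demo())
```

Running the script with the report directory as its working directory means only the allowlisted file name, never a caller-supplied path, is passed on.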
Affected Countries
United States, China, Germany, Japan, South Korea, India, France, United Kingdom, Canada, Taiwan, Israel, Russia, Singapore
Technical Details
- Data Version: 5.2
- Assigner Short Name: nvidia
- Date Reserved: 2025-04-15T18:51:07.602Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 696fc0884623b1157c42b9e6
Added to database: 1/20/2026, 5:51:04 PM
Last enriched: 2/27/2026, 8:15:19 AM
Last updated: 3/25/2026, 4:49:00 AM