CVE-2025-33228 is an OS command injection vulnerability classified under CWE-78, found in the NVIDIA Nsight Systems component of the CUDA Toolkit. The vulnerability resides in the gfx_hotspot recipe, specifically within the process_nsys_rep_cli.py script. When this script is invoked manually, it improperly neutralizes special elements in input strings, allowing an attacker to inject arbitrary OS commands. Successful exploitation requires the attacker to have local access with limited privileges and to interact with the system by manually running the vulnerable script. The impact of exploitation includes remote code execution capabilities, escalation of privileges beyond the initial user context, tampering with data, denial of service conditions, and potential leakage of sensitive information. This vulnerability affects all versions of the CUDA Toolkit prior to 13.1, which was released to address this issue. The CVSS v3.1 base score is 7.3, reflecting high severity due to the combination of high impact on confidentiality, integrity, and availability, and relatively low attack complexity, though requiring some user interaction and privileges. No known exploits are currently reported in the wild, but the vulnerability poses a significant risk to environments where CUDA Toolkit is used for GPU-accelerated computing, including scientific research, AI development, and high-performance computing clusters.

For European organizations, the impact of this vulnerability can be substantial, particularly for those relying on NVIDIA CUDA Toolkit in research institutions, universities, AI startups, and enterprises engaged in GPU-accelerated workloads. Exploitation could allow attackers to execute arbitrary commands on affected systems, potentially leading to unauthorized access to sensitive data, disruption of critical computational tasks, and compromise of intellectual property. The escalation of privileges could enable attackers to gain broader control over affected systems, facilitating lateral movement within networks. Denial of service could interrupt ongoing computations and services, causing operational downtime and financial losses. Information disclosure risks threaten confidentiality, especially in sectors handling sensitive or proprietary data. Given the requirement for local access and user interaction, the threat is more pronounced in environments where multiple users have access to development or compute nodes, such as shared HPC clusters or collaborative research facilities.

To mitigate this vulnerability, European organizations should prioritize upgrading all installations of the NVIDIA CUDA Toolkit to version 13.1 or later, where the vulnerability has been addressed. Until upgrades can be applied, restrict access to the process_nsys_rep_cli.py script by enforcing strict file permissions and limiting execution to trusted administrators only. Implement monitoring and alerting for unusual invocations of this script or unexpected command executions on systems running CUDA Toolkit. Employ endpoint protection solutions capable of detecting suspicious local command injection attempts. Educate users and administrators about the risks of manually invoking this script with untrusted input. In shared environments, consider isolating user sessions and applying the principle of least privilege to minimize the potential impact of exploitation. Regularly audit systems for signs of compromise and ensure that all software dependencies are kept up to date to reduce the attack surface.