CVE-2025-33220NVD

Vulnerability Summary

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Severity Level

HIGH(7.8)

Published Date

Jan 28, 2026

Last Modified

Jan 29, 2026

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-416: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://nvd.nist.gov/vuln/detail/CVE-2025-33220
https://nvidia.custhelp.com/app/answers/detail/a_id/5747
https://www.cve.org/CVERecord?id=CVE-2025-33220