NVIDIA has rolled out a critical software update for its widely used CUDA Toolkit, patching a quartet of high-severity vulnerabilities that could allow attackers to execute arbitrary code and escalate privileges on both Windows and Linux systems.
The flaws, affecting “All versions up to CUDA Toolkit 13.1,” expose developers and researchers using NVIDIA’s parallel computing platform to significant risks.
One of the headline vulnerabilities, CVE-2025-33228, targets NVIDIA Nsight Systems, a performance analysis tool included in the toolkit. The flaw lies within the gfx_hotspot recipe.
According to the security bulletin, “NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually”.
Successful exploitation “might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure”. This vulnerability carries a CVSS score of 7.3.
The update also addresses issues in other components:
- Visual Studio Monitor (CVE-2025-33229): A vulnerability in NVIDIA Nsight Visual Studio for Windows could allow an attacker to “execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application”. This flaw also carries a CVSS score of 7.3.
- Linux Installer (CVE-2025-33230): On Linux systems, the Nsight Systems .run installer contains a command injection flaw. An attacker could exploit this “by supplying a malicious string to the installation path,” leading to potential privilege escalation.
A fourth vulnerability, CVE-2025-33231, affects the Windows version of Nsight Systems. This medium-severity issue (CVSS 6.7) involves an “uncontrolled search path element,” commonly known as DLL hijacking.
“NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths,” the bulletin explains.
NVIDIA advises all users to upgrade to CUDA Toolkit 13.1 to mitigate these threats. “Earlier software releases of this product are also affected,” the company warns. “If you are using an earlier release, upgrade to the latest release version”.
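To act on that advice across a host, the following added example (not NVIDIA's code or part of the bulletin) locates `nvcc` binaries and flags any toolkit release below 13.1. The 13.1 threshold is taken from the upgrade advice above, the search roots `/usr/local` and `/opt` are assumed install locations, and the sample output is constructed.

```python
import re
import shutil
import subprocess
from pathlib import Path

# Assumption: 13.1 is the first fixed release, per the article's upgrade advice.
FIXED = (13, 1)
RELEASE_RE = re.compile(r"release\s+(\d+)\.(\d+)")

# Constructed sample of `nvcc --version` output, used for offline checks.
SAMPLE = ("nvcc: NVIDIA (R) Cuda compiler driver\n"
          "Cuda compilation tools, release 12.4, V12.4.131\n")

def parse_nvcc_release(output):
    """Return (major, minor) parsed from `nvcc --version` text, or None."""
    m = RELEASE_RE.search(output)
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(release, fixed=FIXED):
    """Map a parsed release to 'affected', 'patched' or 'unknown'."""
    if release is None:
        return "unknown"
    return "affected" if release < fixed else "patched"

def find_nvcc(roots=("/usr/local", "/opt")):
    """Collect nvcc from PATH plus cuda*/bin under the assumed roots."""
    found = set()
    on_path = shutil.which("nvcc")
    if on_path:
        found.add(Path(on_path).resolve())
    for root in roots:
        found.update(p.resolve() for p in Path(root).glob("cuda*/bin/nvcc"))
    return sorted(found)

def audit(nvcc_paths):
    """Run each nvcc with --version (no shell) and classify the result."""
    results = {}
    for path in nvcc_paths:
        try:
            out = subprocess.run([str(path), "--version"], capture_output=True,
                                 text=True, timeout=10, check=False).stdout
        except (OSError, subprocess.TimeoutExpired):
            out = ""  # missing or unrunnable binary is reported as unknown
        results[str(path)] = classify(parse_nvcc_release(out))
    return results

if __name__ == "__main__":
    for path, status in audit(find_nvcc()).items():
        print(f"{status:9} {path}")
```

A host can carry several toolkit versions side by side, so every reported path matters, not only the one on `PATH`. Standalone Nsight installs that ship without `nvcc` are not covered by this check.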