NVIDIA Issues Patches for High-Severity Flaws in Cumulus Linux and NVOS

NVIDIA has issued an important security bulletin for February 2026, warning network administrators of three high-severity vulnerabilities impacting its Cumulus Linux and NVOS platforms. If left unpatched, these flaws could allow attackers to gain unauthorized administrative control over critical network infrastructure.

All three vulnerabilities—tracked as CVE-2025-33179, CVE-2025-33180, and CVE-2025-33181—reside within the NVIDIA User Experience (NVUE) interface. According to the bulletin, “A successful exploit of this vulnerability might lead to escalation of privileges.”

Here is the breakdown of the specific threats:

• CVE-2025-33179 (CVSS Score: 8.0): This flaw (CWE-266) creates a scenario “where a low-privileged user could run an unauthorized command.”
• CVE-2025-33180 (CVSS Score: 8.0): This vulnerability (CWE-77) is an injection flaw “where a low-privileged user could inject a command.”
• CVE-2025-33181 (CVSS Score: 7.3): Similar to the previous flaw, this is also a command injection vulnerability (CWE-77) “where a low-privileged user could inject a command.”

NVIDIA has rolled out security updates across its General Availability (GA) and Long-Term Support (LTS) branches for Cumulus Linux, as well as several versions of NVOS. Administrators are strongly advised to apply the updated versions immediately to secure their environments.

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy

Do Son

Do Son (aka Ddos) is a seasoned news reporter, bringing over a decade of expertise to the forefront of cyber security and technology reporting. My work provides timely and insightful analysis of emerging trends and critical developments in these rapidly evolving sectors.