Detections
Analytics

NVIDIA CUDA Toolkit < 13.1 Multiple Vulnerabilities

high Nessus Plugin ID 294990

Synopsis

The remote host is missing one or more security updates.

Description

The version of NVIDIA CUDA Toolkit installed on the remote host is prior to 13.1. It is, therefore, affected by multiple vulnerabilities, including the following:

 - NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. (CVE-2025-33228)

 - NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure. (CVE-2025-33229)

 - NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. A successful exploit of this vulnerability might lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure. (CVE-2025-33230)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to NVIDIA CUDA Toolkit version 13.1 or later.

See Also

https://nvidia.custhelp.com/app/answers/detail/a_id/5755

Plugin Details

Severity: High

ID: 294990

File Name: nvidia_cuda_toolkit_13_1.nasl

Version: 1.1

Type: local

Agent: windows

Family: Misc.

Published: 1/22/2026

Updated: 1/22/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-33228

CVSS v3

Risk Factor: High

Base Score: 7.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:nvidia:cuda_toolkit

Required KB Items: installed_sw/NVIDIA CUDA Toolkit

Patch Publication Date: 12/4/2025

Vulnerability Publication Date: 1/20/2026

Reference Information

CVE: CVE-2025-33228, CVE-2025-33229, CVE-2025-33230, CVE-2025-33231

IAVB: 2026-B-0020