Detections
Analytics
NVIDIA Virtual GPU Manager Multiple Vulnerabilities (January 2025)
high Nessus Plugin ID 297690
Language:
Synopsis
A GPU virtualization application installed on the remote host is affected by multiple vulnerabilities.Description
A display driver installed on the remote Linux host is affected by multiple vulnerabilities, including the following:- NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering. (CVE-2025-33219)
- NVIDIA Project G-Assist contains a vulnerability where an attacker might be able to escalate permissions. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. (CVE-2025-33220)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade the NVIDIA vGPU Manager software in accordance with the vendor advisory.See Also
Plugin Details
Severity: High
ID: 297690
File Name: nvidia_vgpu_2026_1.nasl
Version: 1.2
Type: local
Family: Misc.
Published: 2/3/2026
Updated: 2/4/2026
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2025-33219
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS Score Source: CVE-2025-33220
Vulnerability Information
CPE: cpe:/a:nvidia:virtual_gpu_manager
Required KB Items: installed_sw/NVIDIA Virtual GPU Manager, os_fingerprint.nasl
Exploit Ease: No known exploits are available
Patch Publication Date: 1/27/2026
Vulnerability Publication Date: 1/27/2026
Reference Information
CVE: CVE-2025-33219, CVE-2025-33220
IAVA: 2026-A-0095