8.4
CVE-2025-33225
- EPSS 0.26%
- Veröffentlicht 16.12.2025 17:37:46
- Zuletzt bearbeitet 02.02.2026 16:14:58
- Quelle psirt@nvidia.com
- CVE-Watchlists
- Unerledigt
NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nvidia ≫ Nvidia Resiliency Extension Version < 0.5.0
Nvidia ≫ Nvidia Resiliency Extension Version0.5.0 Updaterc1
Nvidia ≫ Nvidia Resiliency Extension Version0.5.0 Updaterc2
Nvidia ≫ Nvidia Resiliency Extension Version0.5.0 Updaterc3
Nvidia ≫ Nvidia Resiliency Extension Version0.5.0 Updaterc4
Nvidia ≫ Nvidia Resiliency Extension Version0.5.0 Updaterc5
Nvidia ≫ Nvidia Resiliency Extension Version0.5.0 Updaterc6
Nvidia ≫ Nvidia Resiliency Extension Version0.5.0 Updaterc7
Nvidia ≫ Nvidia Resiliency Extension Version0.5.0 Updaterc8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.169 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@nvidia.com | 8.4 | 2.5 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-61 UNIX Symbolic Link (Symlink) Following
The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://nvd.nist.gov/vuln/detail/CVE-2025-33225
https://www.cve.org/CVERecord?id=CVE-2025-33225
https://nvidia.custhelp.com/app/answers/detail/a_id/5746