CVE-2025-33208
Published: 03 December 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-33208 is a vulnerability in NVIDIA TAO in which an attacker can cause a resource to be loaded via an uncontrolled search path (CWE-427). Published on 2025-12-03, it has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H): high severity, with a network attack vector, low attack complexity, no privileges required, and user interaction required.
A remote attacker without privileges can exploit this vulnerability by tricking a user into interacting with a malicious input, such as executing a crafted file or script. Successful exploitation may result in escalation of privileges, data tampering, denial of service, or information disclosure, with high impacts across confidentiality, integrity, and availability.
Mitigation details are available in the NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5730, along with further analysis on the NVD page at https://nvd.nist.gov/vuln/detail/CVE-2025-33208 and the CVE record at https://www.cve.org/CVERecord?id=CVE-2025-33208.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2025-33208 (CWE-427: Uncontrolled Search Path) maps directly to path interception by search order hijacking (T1574.008), because code execution follows from loading a malicious resource, and, as the description states, it facilitates privilege escalation (T1068).