Severity
High
Analysis Summary
CVE-2025-23358 CVSS:8.2
NVIDIA NVApp could allow a local authenticated attacker to gain elevated privileges and execute arbitrary code on the system, caused by a search path element flaw.
CVE-2025-33176 CVSS:6.2
NVIDIA RunAI could allow a remote authenticated attacker to gain elevated privileges, perform data tampering and obtain sensitive information, caused by improper restriction of communications channels.
Impact
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-23358
CVE-2025-33176
Affected Vendors
- NVIDIA
Affected Products
- NVIDIA App 11.0.5.260
- NVIDIA RunAI 2.22.48
Remediation
Refer to NVIDIA Security Advisory for patch, upgrade, suggested workaround information.