Nixpkgs Security Tracker

Dismissed

Permalink CVE-2025-33180

8.0 HIGH

CVSS version: 3.1
Attack vector (AV): ADJACENT_NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 3 weeks, 3 days ago by @LeSuisse Activity log

Created automatic suggestion 3 weeks, 3 days ago
@LeSuisse removed package convos 3 weeks, 3 days ago
@LeSuisse dismissed 3 weeks, 3 days ago

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in …

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.

References

Affected products

NVOS

==All versions prior to 1.3 - 25.02.244
==All versions prior to 25.02.4282
==All versions prior to 25.02.5030

Cumulus Linux GA

==All versions prior to 5.14 (5.13.x, 5.12.x, and older GA versions)

Cumulus Linux LTS

==All versions prior to 5.11.4
==All versions prior to 5.9.4

Ignored packages (1)

pkgs.convos

Convos is the simplest way to use IRC in your browser

nixos-unstable 8.05
- nixpkgs-unstable 8.05
- nixos-unstable-small 8.05
nixos-25.11 8.05
- nixos-25.11-small 8.05
- nixpkgs-25.11-darwin 8.05

Not present in nixpkgs

Suggestion detail

References

Affected products

pkgs.convos