CVE-2025-33216

EUVD-2025-208966
Severity: MEDIUM (CVSS 3.1 base score 6.8)
2026-03-24 nvidia GHSA-j44v-7j32-mr9x

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 24, 2026 - 20:31 (vuln.today)
EUVD ID Assigned: Mar 24, 2026 - 20:31 (euvd), EUVD-2025-208966
CVE Published: Mar 24, 2026 - 20:21 (nvd), MEDIUM 6.8

Description

NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of service of the storage service to the host.

Analysis

NVIDIA SNAP-4 Container contains a buffer size calculation vulnerability in its configuration interface that allows an authenticated attacker in the same virtualized environment to trigger a denial of service condition. An attacker with local VM access and low-level privileges can send specially crafted configuration payloads that cause incorrect buffer size calculations, resulting in crashes of the SNAP storage service and loss of storage availability to the host. There is currently no evidence of active exploitation or public proof-of-concept code, and the SSVC framework indicates no known exploitation has occurred, though the vulnerability is automatable in principle.

Technical Context

The vulnerability exists in NVIDIA SNAP-4 Container (identified via CPE cpe:2.3:a:nvidia:snap-4_container:*:*:*:*:*:*:*:*), a storage networking appliance container product. The root cause is classified as CWE-131 (Incorrect Calculation of Buffer Size), which covers improper validation or computation of buffer boundaries, here during configuration parsing. When the configuration interface processes attacker-supplied parameters, it miscalculates the required memory allocation, leading to buffer overflow or underflow conditions that destabilize the SNAP service process. The vulnerability requires adjacent access (AV:A in CVSS) from within the hypervisor environment, making it a VM-to-host attack vector rather than a remotely exploitable network issue.

Affected Products

NVIDIA SNAP-4 Container across all versions prior to the patched release is affected, as indicated by the CPE cpe:2.3:a:nvidia:snap-4_container:*:*:*:*:*:*:*:*. The wildcard version component indicates the vulnerability likely affects a broad version range. Users should consult the official NVIDIA security advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5744 for the exact patched version number and determine their specific deployment version. Additional information is available via the CVE Record at https://www.cve.org/CVERecord?id=CVE-2025-33216 and the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2025-33216.

Remediation

Apply the security patch released by NVIDIA for SNAP-4 Container, upgrading to the version specified in the official advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5744. Until patching can be completed, implement network segmentation to restrict configuration interface access to trusted administrative hosts only, disable VM-to-management-network routing if it is not required for production, and deploy host-based monitoring to detect abnormal SNAP service restarts or crashes that may indicate exploitation attempts. Test the patch thoroughly in a non-production environment before production deployment, as the vulnerability affects core storage availability.

Priority Score

34
KEV: 0
EPSS: +0.0
CVSS: +34
POC: 0