Preface: Nsight Systems is a tool for developers who need to understand the big picture of application execution on heterogeneous systems, especially in scenarios involving data transfer bottlenecks between the CPU and GPU or scaling across multiple nodes.
Background: In NVIDIA Nsight Systems, process_nsys_rep_cli[.]py is an internal Python script used primarily for post-processing and report generation from raw profiling data.
While users typically interact with the nsys command-line tool, this script is invoked behind the scenes during the following operations.
Why This Might Connect to Nsight Systems?
Nsight Systems allows exporting [.]nsys-rep files and then processing them with scripts like process_nsys_rep_cli[.]py.
If the CLI or scripts read commands or code from user-provided files without validation, it could lead to:
-Command injection (similar to os[.]system()).
-Code execution (similar to exec()).
The design flaw could be that Nsight Systems assumes [.]nsys-rep or related files are safe, but if an attacker crafts a malicious file and you run the processing script, it could execute harmful commands.
Vulnerability details: CVE-2025-33228 NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli[.]py script if the script is invoked manually. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.
Official announcement: Please refer to the link for details –