NVIDIA has disclosed two critical code injection vulnerabilities affecting its Isaac-GR00T robotics platform.
The vulnerabilities, tracked as CVE-2025-33183 and CVE-2025-33184, exist in Python components and allow authenticated attackers to execute arbitrary code, escalate privileges, and alter system data.
The flaws pose a significant risk to organizations deploying NVIDIA's robotics solutions across industrial automation, research facilities, and autonomous systems.
Both vulnerabilities carry a high CVSS score of 7.8, indicating serious security risks that require prompt remediation.
Vulnerability Details
The code injection issues affect all versions of NVIDIA Isaac-GR00T N1.5 across all platforms.
An attacker with local access and low-level privileges could exploit these vulnerabilities without user interaction, potentially gaining full system control.
| CVE ID | Description | CVSS Score | CWE | Attack Vector |
| --- | --- | --- | --- | --- |
| CVE-2025-33183 | Code injection in Python component allowing arbitrary code execution | 7.8 | CWE-94 | Local/Low Privilege |
| CVE-2025-33184 | Code injection in Python component allowing arbitrary code execution | 7.8 | CWE-94 | Local/Low Privilege |
Successful exploitation could result in unauthorized code execution, privilege escalation, information disclosure, and data modification, compromising the integrity of critical robotic operations.
Both vulnerabilities stem from improper handling of user-supplied input in Python components, categorized under CWE-94 (Improper Control of Generation of Code).
This weakness has historically been exploited in numerous attacks targeting interpreted code environments.
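As an added illustration of the CWE-94 pattern named above (this is not code from NVIDIA or the Isaac-GR00T repository, and it does not reproduce the actual flaw), the scanner below walks Python source with the standard ast module and flags the dynamic-code sinks eval, exec and compile whenever their code argument is not a string literal, which is the review check a defender would run over a Python code base before and after applying a fix. The sample source it inspects is constructed for this example.

```python
"""Find CWE-94 candidates in Python source: eval/exec/compile calls whose
code argument is not a constant string. Illustrative scanner written for this
article, not NVIDIA tooling; SAMPLE_SOURCE below is constructed, not real code."""
import ast
from typing import List, Tuple

# Built-ins that turn a string into executable code at runtime.
DYNAMIC_CODE_SINKS = {"eval", "exec", "compile"}


def find_code_injection_sinks(source: str) -> List[Tuple[int, str]]:
    """Return (line, call_name) for each eval/exec/compile call whose first
    argument is anything other than a literal string, i.e. data that could be
    influenced by user-supplied input at runtime."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Plain call: eval(x)      Attribute call: builtins.eval(x)
        name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
        if name not in DYNAMIC_CODE_SINKS or not node.args:
            continue
        first = node.args[0]
        if isinstance(first, ast.Constant) and isinstance(first.value, str):
            continue  # hard-coded string: cannot be steered by input
        findings.append((node.lineno, name))
    return findings


# Constructed sample: one call assembles code from a caller-controlled value
# (the CWE-94 pattern), one passes a literal, one parses data without executing it.
SAMPLE_SOURCE = '''
import ast
def load_pose(spec):
    return eval("dict(" + spec + ")")      # sink fed by caller data
def default_pose():
    return eval("dict(x=0, y=0)")          # literal only, not flagged
def load_pose_safe(spec):
    return ast.literal_eval(spec)          # data parsing, no code execution
'''

if __name__ == "__main__":
    for line, name in find_code_injection_sinks(SAMPLE_SOURCE):
        print(f"line {line}: {name}() called with a non-literal argument")
```

Only the first function is reported; the literal-only call and the ast.literal_eval replacement pass, which is the shape a CWE-94 remediation should take in a Python component.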
NVIDIA has released a software update addressing both vulnerabilities. The patch is available via GitHub commit 7f53666 of the Isaac-GR00T repository.
Organizations running Isaac-GR00T should immediately update to any code branch incorporating this specific commit to eliminate the attack surface.
System administrators should prioritize deploying the security update across all Isaac-GR00T deployments.
Given the high severity rating and the potential for critical system compromise, NVIDIA recommends treating this as an urgent priority.
Organizations unable to patch immediately should restrict local access to affected systems and monitor for suspicious activity.
NVIDIA's Product Security Incident Response Team (PSIRT) continues monitoring for exploitation attempts.
The vulnerabilities were responsibly disclosed by Peter Girnus of Trend Micro Zero Day Initiative, highlighting the importance of coordinated vulnerability research.
For complete information, visit NVIDIA's Product Security page to access the full security bulletins and subscribe to future vulnerability notifications.
