Platform: nvidia
Component: nvidia-isaac-gr00t
Fixed in: 7.0.1
CVE-2025-33183 describes a code injection vulnerability discovered in NVIDIA Isaac-GR00T, a robotics platform. This flaw allows an attacker to potentially execute arbitrary code, leading to severe consequences such as privilege escalation, data manipulation, and sensitive information exposure. The vulnerability affects all versions of Isaac-GR00T prior to code commit 7f53666, and a fix has been released.
The code injection vulnerability in NVIDIA Isaac-GR00T presents a significant security risk. An attacker exploiting this flaw could inject malicious code into the system, potentially gaining control over the robot's operations. This could involve manipulating sensor data, overriding control commands, or exfiltrating sensitive information stored on the device. The impact extends beyond the immediate device, as compromised robots could be used to disrupt operations or even cause physical harm. The ability to escalate privileges could allow an attacker to access other systems on the network, expanding the blast radius of the attack. This vulnerability highlights the importance of secure coding practices in robotics and AI development.
CVE-2025-33183 was publicly disclosed on 2025-11-18. Currently, there is no indication of active exploitation in the wild. No public proof-of-concept (PoC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog. The potential for exploitation remains, particularly given the increasing adoption of robotics in critical infrastructure and industrial environments.
Exploit Status
EPSS: 0.04% (10% percentile)
The primary mitigation for CVE-2025-33183 is to immediately upgrade NVIDIA Isaac-GR00T to a version that includes commit 7f53666 or later. If an immediate upgrade is not feasible due to compatibility issues or system downtime requirements, consider implementing stricter input validation and sanitization within the Python component to prevent malicious code from being injected. This is not a complete solution, but it can reduce the attack surface. Monitor system logs for unusual activity or unexpected code execution attempts. Review and update security policies so that all Isaac-GR00T deployments follow best practices for secure configuration and access control. After upgrading, run a test suite to verify the integrity of the system and confirm that the vulnerability has been patched.
Upgrade NVIDIA Isaac-GR00T to a version that includes commit 7f53666 or later. This fixes the code injection vulnerability in the Python component. See the NVIDIA security advisory for more details and specific instructions.
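Because the fix is identified by a commit rather than a release tag, a deployment installed from a git clone can be checked by testing whether commit 7f53666 is an ancestor of the checked-out HEAD. The function below is an added example, not NVIDIA tooling or part of the original advisory; the function name, its return codes and the assumption that the install is a git checkout are illustrative.

```shell
#!/bin/sh
# Added example: report whether a local Isaac-GR00T git checkout contains the
# fix commit named in the advisory. Assumes the install is a git work tree.
FIX_COMMIT="${FIX_COMMIT:-7f53666}"   # commit id taken from the advisory text

# Return codes (illustrative): 0 = fix present, 1 = fix missing, 2 = cannot tell
check_fix_commit() {
    repo="$1"
    commit="${2:-$FIX_COMMIT}"

    # The path must be inside a git work tree, otherwise nothing can be inferred.
    if ! git -C "$repo" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        echo "UNKNOWN: $repo is not a git checkout" >&2
        return 2
    fi

    # The commit object must exist locally. A shallow or stale clone may lack it,
    # which is not proof of either state, so report it separately.
    if ! git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null; then
        echo "UNKNOWN: commit $commit not in local history; fetch upstream and re-run" >&2
        return 2
    fi

    # Ancestor test: true only when HEAD's history includes the fix commit.
    if git -C "$repo" merge-base --is-ancestor "$commit" HEAD; then
        echo "OK: HEAD of $repo contains $commit"
        return 0
    fi
    echo "VULNERABLE: HEAD of $repo does not contain $commit"
    return 1
}
```

Call it as `check_fix_commit /path/to/Isaac-GR00T` (the path is a placeholder) and treat return code 2 as "fetch full history and check again", not as a pass.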
CVE-2025-33183 is a code injection vulnerability affecting NVIDIA Isaac-GR00T versions before commit 7f53666, allowing attackers to potentially execute arbitrary code and compromise the system.
You are affected if you are using a NVIDIA Isaac-GR00T version prior to commit 7f53666. Check your version and upgrade immediately.
Upgrade to a version that includes commit 7f53666 or later. If an immediate upgrade is not possible, implement stricter input validation and sanitization.
There is currently no indication of active exploitation in the wild, but the potential remains.
Refer to the NVIDIA security bulletin for details: [https://www.nvidia.com/en-us/security/cve/CVE-2025-33183](https://www.nvidia.com/en-us/security/cve/CVE-2025-33183)