Platform: nvidia
Component: nvidia-isaac-gr00t
Fixed in: 7.0.1
CVE-2025-33184 is a code injection vulnerability in NVIDIA Isaac-GR00T, a robotics development platform. Successful exploitation could lead to unauthorized code execution and compromise system integrity. The vulnerability affects all versions of Isaac-GR00T prior to code commit 7f53666. The fix is available in commit 7f53666.
The code injection vulnerability in NVIDIA Isaac-GR00T allows an attacker to inject and execute arbitrary code within the Python component. This could lead to a wide range of malicious activities, including gaining unauthorized access to sensitive data, modifying system configurations, and potentially taking control of the entire robotic system. The impact is particularly severe in environments where Isaac-GR00T is used for autonomous navigation or critical decision-making, as an attacker could manipulate the robot's behavior to cause harm or disruption. The ability to escalate privileges further amplifies the risk, allowing an attacker to move laterally within the system and compromise other connected resources. Data tampering could lead to inaccurate sensor readings or manipulated control signals, creating dangerous situations.
CVE-2025-33184 was publicly disclosed on 2025-11-18. There is currently no indication of active exploitation campaigns targeting this vulnerability. The EPSS score is pending evaluation. No public proof-of-concept (PoC) code has been released at the time of this writing, but the nature of the vulnerability suggests that a PoC could be developed relatively easily.
Exploit Status
EPSS: 0.04% (10% percentile)
The primary mitigation for CVE-2025-33184 is to upgrade NVIDIA Isaac-GR00T to version 7f53666 or later. If an immediate upgrade is not possible due to compatibility issues or system downtime constraints, consider implementing stricter input validation and sanitization within the Python component to prevent malicious code from being injected. While not a complete solution, this can reduce the attack surface. Monitor system logs for any unusual activity or attempts to execute unauthorized code. Implement robust access controls to limit who can modify the Python component and its dependencies. After upgrading, verify the fix by attempting to trigger the code injection vulnerability using known attack vectors and confirming that the attempts are blocked.
Upgrade NVIDIA Isaac-GR00T to a version that includes commit 7f53666 or later. This resolves the code injection vulnerability in the Python component. See the NVIDIA security advisory for further details and specific instructions.
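One way to check whether a local source checkout already includes the fix commit, as an added example that is not NVIDIA's tooling or part of the original advisory. The function name `check_fix_commit`, its exit codes and the checkout path are assumptions; only the commit id 7f53666 comes from this page.

```shell
#!/bin/sh
# Added example (not NVIDIA's tooling). The commit id comes from the advisory;
# the checkout path is supplied by the caller.
FIX_COMMIT="${FIX_COMMIT:-7f53666}"

# check_fix_commit REPO_DIR [COMMIT]
#   0 = COMMIT is in HEAD's history (fix present)
#   1 = COMMIT exists locally but HEAD does not descend from it (fix missing)
#   2 = undecidable: not a git checkout, commit object absent, or shallow history
check_fix_commit() {
    repo="$1"
    commit="${2:-$FIX_COMMIT}"

    if ! git -C "$repo" rev-parse --git-dir >/dev/null 2>&1; then
        echo "UNKNOWN: $repo is not a git checkout (pip/wheel install?)" >&2
        return 2
    fi
    # Resolve the id to a commit object; this fails when the object was never
    # fetched or the abbreviation is ambiguous.
    if ! full=$(git -C "$repo" rev-parse --verify --quiet "${commit}^{commit}" 2>/dev/null); then
        echo "UNKNOWN: commit $commit not found in $repo; fetch full history first" >&2
        return 2
    fi
    if git -C "$repo" merge-base --is-ancestor "$full" HEAD 2>/dev/null; then
        echo "PATCHED: HEAD contains $full"
        return 0
    fi
    # A truncated (shallow) history can hide a real ancestor, so do not
    # report "missing" from a shallow clone.
    if [ "$(git -C "$repo" rev-parse --is-shallow-repository 2>/dev/null)" = "true" ]; then
        echo "UNKNOWN: shallow clone; run 'git fetch --unshallow' and retry" >&2
        return 2
    fi
    echo "VULNERABLE: HEAD does not contain $full"
    return 1
}

# Stand-alone use: sh check_fix.sh /path/to/Isaac-GR00T
if [ "$#" -gt 0 ]; then
    check_fix_commit "$@"
fi
```

A result of 2 means the script could not decide, so treat it as unverified rather than safe.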
CVE-2025-33184 is a code injection vulnerability affecting NVIDIA Isaac-GR00T versions before 7f53666, allowing attackers to execute arbitrary code and potentially compromise the system.
You are affected if you are using NVIDIA Isaac-GR00T versions prior to 7f53666. Check your version and upgrade immediately.
Upgrade to NVIDIA Isaac-GR00T version 7f53666 or later. Implement input validation as a temporary workaround if immediate upgrade is not possible.
There is currently no evidence of active exploitation, but the vulnerability's nature suggests a potential for future attacks.
Refer to the NVIDIA security bulletin for CVE-2025-33184 on the NVIDIA website (https://www.nvidia.com/en-us/security/).