Scanner gratuitement
HIGHCVE-2025-33184CVSS 7.8

NVIDIA Isaac-GR00T pour toutes les plateformes contient une vulnérabilité dans un composant Python, où un attaquant pourrait provoquer un problème d'injection de code. L'exploitation réussie de cette vulnérabilité pourrait mener à du code

Plateforme

nvidia

Composant

nvidia-isaac-gr00t

Corrigé dans

7.0.1

AI Confidence: highNVDEPSS 0.0%Révisé: mai 2026
Voir sur NVD
Sauvegarder
Traduction vers votre langue…

CVE-2025-33184 describes a code injection vulnerability discovered in NVIDIA Isaac-GR00T, a robotics development platform. Successful exploitation could lead to unauthorized code execution and compromise system integrity. This vulnerability affects all versions of Isaac-GR00T prior to code commit 7f53666. A fix is available in version 7f53666.

Impact et Scénarios d'Attaquetraduction en cours…

The code injection vulnerability in NVIDIA Isaac-GR00T allows an attacker to inject and execute arbitrary code within the Python component. This could lead to a wide range of malicious activities, including gaining unauthorized access to sensitive data, modifying system configurations, and potentially taking control of the entire robotic system. The impact is particularly severe in environments where Isaac-GR00T is used for autonomous navigation or critical decision-making, as an attacker could manipulate the robot's behavior to cause harm or disruption. The ability to escalate privileges further amplifies the risk, allowing an attacker to move laterally within the system and compromise other connected resources. Data tampering could lead to inaccurate sensor readings or manipulated control signals, creating dangerous situations.

Contexte d'Exploitationtraduction en cours…

CVE-2025-33184 was publicly disclosed on 2025-11-18. There is currently no indication of active exploitation campaigns targeting this vulnerability. The EPSS score is pending evaluation. No public proof-of-concept (PoC) code has been released at the time of this writing, but the nature of the vulnerability suggests that a PoC could be developed relatively easily.

Qui Est à Risquetraduction en cours…

Organizations and individuals utilizing NVIDIA Isaac-GR00T for robotics development and deployment are at risk. This includes researchers, engineers, and companies developing autonomous systems, particularly those relying on custom Python scripts within their Isaac-GR00T workflows. Those using older, unpatched versions of Isaac-GR00T are most vulnerable.

Étapes de Détectiontraduction en cours…

• python / supply-chain:

import os
import subprocess

# Check for the vulnerable version of Isaac-GR00T
process = subprocess.Popen(['python', '-c', 'import isaac_gr00t; print(isaac_gr00t.__version__)'], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
stdout, stderr = process.communicate()
version = stdout.decode('utf-8').strip()

if version and version != '7f53666':
    print(f"Vulnerable version detected: {version}")

• generic web: Check for unusual Python processes running with elevated privileges. • generic web: Monitor system logs for suspicious Python script executions or attempts to access sensitive files.

Chronologie de l'Attaque

  1. Disclosure

    disclosure

Renseignement sur les Menaces

Statut de l'Exploit

Preuve de ConceptInconnu
CISA KEVNO
Exposition InternetFaible

EPSS

0.04% (percentile 10%)

CISA SSVC

Exploitationnone
Automatisableno
Impact Techniquetotal

Vecteur CVSS

RENSEIGNEMENT SUR LES MENACES· CVSS 3.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H7.8HIGHAttack VectorLocalComment l'attaquant atteint la cibleAttack ComplexityLowConditions requises pour exploiterPrivileges RequiredLowNiveau d'authentification requisUser InteractionNoneSi une action de la victime est requiseScopeUnchangedImpact au-delà du composant affectéConfidentialityHighRisque d'exposition de données sensiblesIntegrityHighRisque de modification non autorisée de donnéesAvailabilityHighRisque d'interruption de servicenextguardhq.com · Score de base CVSS v3.1
Que signifient ces métriques?
Attack Vector
Local — l'attaquant a besoin d'une session locale ou d'un shell sur le système.
Attack Complexity
Faible — aucune condition spéciale requise. Exploitable de manière fiable.
Privileges Required
Faible — tout compte utilisateur valide est suffisant.
User Interaction
Aucune — attaque automatique et silencieuse. La victime ne fait rien.
Scope
Inchangé — impact limité au composant vulnérable.
Confidentiality
Élevé — perte totale de confidentialité. L'attaquant peut lire toutes les données.
Integrity
Élevé — l'attaquant peut écrire, modifier ou supprimer toutes les données.
Availability
Élevé — panne complète ou épuisement des ressources. Déni de service total.

Logiciel Affecté

Composantnvidia-isaac-gr00t
FournisseurNVIDIA
Plage affectéeCorrigé dans
All versions that do not include code commit 7f53666 – All versions that do not include code commit 7f536667.0.1

Classification de Faiblesse (CWE)

CWE-94

Chronologie

  1. Réservé
  2. Publiée
  3. Modifiée
  4. EPSS mis à jour

Mitigation et Contournementstraduction en cours…

The primary mitigation for CVE-2025-33184 is to upgrade NVIDIA Isaac-GR00T to version 7f53666 or later. If an immediate upgrade is not possible due to compatibility issues or system downtime constraints, consider implementing stricter input validation and sanitization within the Python component to prevent malicious code from being injected. While not a complete solution, this can reduce the attack surface. Monitor system logs for any unusual activity or attempts to execute unauthorized code. Implement robust access controls to limit who can modify the Python component and its dependencies. After upgrading, verify the fix by attempting to trigger the code injection vulnerability using known attack vectors and confirming that the attempts are blocked.

Comment corrigertraduction en cours…

Actualice NVIDIA Isaac-GR00T a una versión que incluya el commit 7f53666 o posterior. Esto solucionará la vulnerabilidad de inyección de código en el componente Python. Consulte el aviso de seguridad de NVIDIA para obtener más detalles e instrucciones específicas.

Newsletter Sécurité CVE

Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.

Questions fréquentestraduction en cours…

What is CVE-2025-33184 — Code Injection in NVIDIA Isaac-GR00T?

CVE-2025-33184 is a code injection vulnerability affecting NVIDIA Isaac-GR00T versions before 7f53666, allowing attackers to execute arbitrary code and potentially compromise the system.

Am I affected by CVE-2025-33184 in NVIDIA Isaac-GR00T?

You are affected if you are using NVIDIA Isaac-GR00T versions prior to 7f53666. Check your version and upgrade immediately.

How do I fix CVE-2025-33184 in NVIDIA Isaac-GR00T?

Upgrade to NVIDIA Isaac-GR00T version 7f53666 or later. Implement input validation as a temporary workaround if immediate upgrade is not possible.

Is CVE-2025-33184 being actively exploited?

There is currently no evidence of active exploitation, but the vulnerability's nature suggests a potential for future attacks.

Where can I find the official NVIDIA advisory for CVE-2025-33184?

Refer to the NVIDIA security bulletin for CVE-2025-33184 on the NVIDIA website (https://www.nvidia.com/en-us/security/).

Ton projet est-il affecté ?

Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.

Scanner gratuitementRechercher des CVE