平台
nvidia
组件
nvidia-isaac-gr00t
修复版本
9.0.1
CVE-2025-23296 describes a code injection vulnerability discovered in NVIDIA Isaac-GR00T, a robotics development platform. Successful exploitation could allow an attacker to execute arbitrary code, potentially leading to significant data compromise and system control. This vulnerability affects all versions of Isaac-GR00T prior to code commit 9ca97e1. A fix is available in version 9ca97e1.
The code injection vulnerability in NVIDIA Isaac-GR00T allows an attacker to inject and execute malicious code within the Python component. This could lead to a wide range of impacts, including complete system compromise. An attacker could gain unauthorized access to sensitive data, modify system configurations, and potentially establish persistent access. The potential for privilege escalation is significant, as the injected code could be executed with the privileges of the Isaac-GR00T process. Data tampering could corrupt training datasets or deployed models, leading to unpredictable robot behavior. The blast radius extends to any system utilizing vulnerable versions of Isaac-GR00T, particularly those involved in critical robotics applications.
CVE-2025-23296 was publicly disclosed on 2025-08-13. There is no indication of this vulnerability being actively exploited at this time. The EPSS score is currently pending evaluation. No public proof-of-concept exploits have been published. It is not listed on the CISA KEV catalog.
Robotics developers and engineers utilizing NVIDIA Isaac-GR00T are at risk. Organizations deploying Isaac-GR00T in production environments, particularly those involving autonomous systems or critical infrastructure, face a heightened risk. Those using older, unpatched versions of Isaac-GR00T are most vulnerable.
• windows / supply-chain:
Get-Process | Where-Object {$_.ProcessName -like '*isaac-gr00t*'}• linux / server:
ps aux | grep isaac-gr00t• python:
import os
import sys
print(sys.version)• generic web: Check for unusual file uploads or modifications to Python scripts within the Isaac-GR00T environment.
disclosure
漏洞利用状态
EPSS
0.04% (10% 百分位)
CISA SSVC
CVSS 向量
The primary mitigation for CVE-2025-23296 is to upgrade to version 9ca97e1 or later. If immediate upgrading is not feasible, consider implementing strict input validation on any data passed to the vulnerable Python component. This can help prevent malicious code from being injected. Review and restrict access to the Python component to only authorized users and processes. Monitor system logs for any unusual activity or attempts to exploit the vulnerability. While a WAF is unlikely to directly mitigate this code injection, it can help detect and block suspicious requests targeting the vulnerable component. After upgrading, confirm the fix by attempting to trigger the code injection vulnerability with known payloads and verifying that they are blocked.
Actualice NVIDIA Isaac-GR00T a la versión que incluye el commit 9ca97e1 o posterior. Esto solucionará la vulnerabilidad de inyección de código. Consulte el advisory de NVIDIA para obtener más detalles e instrucciones específicas.
漏洞分析和关键警报直接发送到您的邮箱。
CVE-2025-23296 is a code injection vulnerability affecting NVIDIA Isaac-GR00T versions before 9ca97e1. It allows attackers to inject and execute malicious code, potentially leading to system compromise.
You are affected if you are using NVIDIA Isaac-GR00T versions prior to 9ca97e1. Check your version and upgrade immediately if vulnerable.
Upgrade to version 9ca97e1 or later. Implement input validation as a temporary workaround if upgrading is not immediately possible.
There is currently no evidence of active exploitation of CVE-2025-23296.
Refer to the NVIDIA security bulletin for CVE-2025-23296 on the NVIDIA website (https://www.nvidia.com/en-us/security/).