
NVIDIA’s Isaac-GR00T Robotics Platform Vulnerability Lets Attackers Inject Malicious Code

NVIDIA has released critical security patches addressing two high-severity vulnerabilities in its Isaac-GR00T robotics platform, a foundation model designed for robotic manipulation tasks.

The vulnerabilities, tracked as CVE-2025-33183 and CVE-2025-33184, stem from improper control of code generation in Python components and could allow authenticated local attackers to inject malicious code with severe consequences.

Vulnerability Details and Impact

Both vulnerabilities carry a CVSS v3.1 base score of 7.8, classified as High severity, and affect all platforms running the Isaac-GR00T N1.5 robotics platform.

The flaws reside in a Python component where attackers with local access and low privileges could exploit insufficient input validation to inject and execute arbitrary code.

If successfully exploited, these vulnerabilities could lead to unauthorized code execution, privilege escalation, sensitive information disclosure, and data tampering.

The attack vector is local (AV:L), requires low attack complexity (AC:L), necessitates low privileges (PR:L), and requires no user interaction (UI:N).

This means an attacker with basic local system access could potentially compromise the entire robotic system without any special administrative rights or user involvement.

The vulnerabilities affect all versions of NVIDIA Isaac-GR00T that do not include code commit 7f53666.

NVIDIA recommends installing the patched software available on GitHub at commit 7f53666 of the NVIDIA Isaac-GR00T repository immediately. Any code branch incorporating this specific commit will resolve both vulnerabilities.
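One way to confirm that a local checkout already incorporates the fix commit, as an added example that is not NVIDIA's tooling or part of the original advisory. The function name `check_fix`, its messages and its exit codes are assumptions of this example; only the commit id 7f53666 comes from the text above.

```shell
#!/bin/sh
# Added example: report whether a git checkout contains a given fix commit.
# Exit status: 0 = fix present, 1 = fix missing, 2 = cannot tell.
FIX_COMMIT="7f53666"   # fix commit named in the advisory text above

# check_fix REPO_DIR [COMMIT] [REV]
#   COMMIT defaults to $FIX_COMMIT; REV defaults to HEAD (the deployed code).
check_fix() {
    repo=$1
    commit=${2:-$FIX_COMMIT}
    rev=${3:-HEAD}

    # A tarball or packaged install has no history to inspect.
    if ! git -C "$repo" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        echo "UNKNOWN: $repo is not a git checkout"
        return 2
    fi
    # The revision being inspected must resolve to a commit.
    if ! git -C "$repo" rev-parse --verify --quiet "$rev^{commit}" >/dev/null 2>&1; then
        echo "UNKNOWN: revision $rev not found in $repo"
        return 2
    fi
    # Fixed only if the commit object exists locally AND is an ancestor of REV.
    if git -C "$repo" rev-parse --verify --quiet "$commit^{commit}" >/dev/null 2>&1 &&
       git -C "$repo" merge-base --is-ancestor "$commit" "$rev"; then
        echo "PATCHED: $rev contains $commit"
        return 0
    fi
    # A shallow clone may have cut the fix out of the visible history,
    # so a negative answer there proves nothing.
    if [ "$(git -C "$repo" rev-parse --is-shallow-repository)" = "true" ]; then
        echo "UNKNOWN: shallow clone; run 'git fetch --unshallow' and re-check"
        return 2
    fi
    echo "MISSING: $rev does not contain $commit"
    return 1
}

# Run directly as: sh check_fix.sh /path/to/checkout
if [ "$#" -gt 0 ]; then
    check_fix "$@"
fi
```

A fork that cherry-picked or rebased the fix carries it under a different hash and will report MISSING; in that case compare the changed files against the upstream commit instead.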

CVE Details

| CVE ID | Product | Severity | CVSS Score | CWE | Vector | Impact |
|---|---|---|---|---|---|---|
| CVE-2025-33183 | NVIDIA Isaac-GR00T N1.5 | High | 7.8 | CWE-94 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Code Execution, Privilege Escalation, Information Disclosure, Data Tampering |
| CVE-2025-33184 | NVIDIA Isaac-GR00T N1.5 | High | 7.8 | CWE-94 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Code Execution, Privilege Escalation, Information Disclosure, Data Tampering |

Organizations deploying NVIDIA Isaac-GR00T in production environments should prioritize patching systems immediately.

The vulnerabilities’ local attack vector limits exposure to users with system access, but robotics deployments often operate in shared environments where this risk is significant.

NVIDIA credits Peter Girnus from Trend Micro Zero Day Initiative for responsibly disclosing these vulnerabilities.


The post NVIDIA’s Isaac-GR00T Robotics Platform Vulnerability Lets Attackers Inject Malicious Code appeared first on Cyber Security News.
