AI description
CVE-2025-33183 is a code injection vulnerability found in NVIDIA Isaac-GR00T for all platforms. The vulnerability lies within a Python component, specifically due to improper input validation within the TorchSerializer class. A local attacker could exploit this vulnerability to execute arbitrary code on the target system. Successful exploitation could lead to a complete compromise of the vulnerable system, potentially resulting in code execution, privilege escalation, information disclosure, and data tampering. To mitigate this vulnerability, it is recommended to install the updates provided by NVIDIA.
- Description
- NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
- Source
- psirt@nvidia.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- psirt@nvidia.com
- CWE-94
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
7
[ZDI-25-1041|CVE-2025-33183] NVIDIA Isaac-GR00T TorchSerializer Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVSS 9.8; Credit: Peter Girnus (@gothburz) of Trend Zero Day Initiative) https://t.co/dyOSkZUfyQ
@TheZDIBugs
4 Dec 2025
3475 Impressions
1 Retweet
8 Likes
3 Bookmarks
0 Replies
1 Quote
CVE-2025-33183 NVIDIA Isaac-GR00T Python Component Code Injection Vulnerability Enables Remote Attack https://t.co/VRwe7N1O0H
@VulmonFeeds
18 Nov 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes