Critical Code Execution Vulnerability in NVIDIA Isaac Lab AI Framework
A critical deserialization vulnerability (CVE-2025-32210) was discovered in NVIDIA Isaac Lab, a component of the NVIDIA Isaac Sim framework, allowing attackers with low privileges and minimal user interaction to execute arbitrary code on affected systems. The flaw, categorized as CWE-502, affects all versions of Isaac Lab prior to v2.3.0 and carries a CVSS score of 9.0, indicating a high risk to confidentiality, integrity, and availability. NVIDIA responded by releasing a security update that implements proper input validation and secure data handling, urging all users to upgrade to Isaac Lab v2.3.0 immediately to mitigate the risk of exploitation.
The vulnerability also prompted broader advisories regarding critical security patches for NVIDIA's AI platforms, including both Isaac Lab and the NeMo Framework, due to the risk of full code execution if left unpatched. Organizations using these AI tools are strongly advised to verify their deployments and apply the latest security updates across all environments. The urgency of the patch is underscored by the potential for attackers to achieve complete system compromise through network-based attacks requiring only low-level access and user interaction.
Timeline
Dec 17, 2025
NVIDIA discloses critical AI platform flaws affecting Isaac Lab and NeMo
NVIDIA publicly disclosed critical vulnerabilities affecting its Isaac Lab and NeMo Framework AI platforms, warning that the flaws could enable full code execution on affected systems. The company advised organizations to apply patches immediately to reduce exploitation risk.
Dec 17, 2025
NVIDIA releases Isaac Lab v2.3.0 to fix CVE-2025-32210
NVIDIA released Isaac Lab v2.3.0 to address CVE-2025-32210 by improving input validation and secure data handling. The vulnerability affected all Isaac Lab versions prior to v2.3.0 and carried a CVSS score of 9.0.
Dec 17, 2025
NVIDIA AI Red Team reports Isaac Lab deserialization flaw
Daniel Teixeira of the NVIDIA AI Red Team responsibly reported a deserialization of untrusted data vulnerability in NVIDIA Isaac Lab, later assigned CVE-2025-32210. The flaw could allow low-privileged attackers with minimal user interaction to execute arbitrary code.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Vulnerabilities
Organizations
Sources
Related Stories
Critical Vulnerabilities in NVIDIA Isaac Launchable Allow Remote Code Execution and Privilege Escalation
NVIDIA has disclosed multiple critical vulnerabilities in its Isaac Launchable product, each carrying a CVSS v3.1 base score of 9.8, indicating a severe risk to affected systems. The vulnerabilities include two privilege escalation flaws (CVE-2025-33223 and CVE-2025-33224) that allow attackers to execute code with unnecessary privileges, potentially leading to code execution, escalation of privileges, denial of service, information disclosure, and data tampering. Additionally, a hard-coded credential vulnerability (CVE-2025-33222) could be exploited to achieve similar impacts, including unauthorized access and manipulation of system data. All vulnerabilities are remotely exploitable and require immediate attention. NVIDIA has released security updates to address these issues and strongly recommends that users download and install the latest version of Isaac Launchable to mitigate the risks. The official security bulletin provides detailed descriptions of each CVE, their associated CWE categories, and the potential impacts. Organizations using NVIDIA Isaac Launchable should prioritize patching to prevent exploitation, as the vulnerabilities could be leveraged by remote attackers without user interaction or prior authentication.
1 months ago
Critical Deserialization Vulnerabilities in AI and Analytics Frameworks
Multiple high-severity deserialization vulnerabilities have been identified in widely used AI and analytics frameworks, including NVIDIA Isaac Lab, MooreThreads torch_musa, and NVIDIA Merlin components. These flaws allow attackers to exploit unsafe deserialization processes, potentially leading to remote code execution or denial-of-service conditions on affected systems. In the case of MooreThreads torch_musa, the vulnerability arises from the use of `pickle.load()` on user-controlled files without validation, enabling arbitrary code execution with the privileges of the victim process. Similarly, NVIDIA Isaac Lab and Merlin frameworks are affected by deserialization issues that could be exploited remotely, with Merlin's NVTabular and Transformers4Rec components specifically highlighted for their susceptibility to code execution and data tampering attacks. Security advisories urge immediate patching, as these vulnerabilities are remotely exploitable and pose significant risks to enterprise environments. The affected products span various versions, and organizations using these frameworks are advised to review vendor guidance and apply available security updates to mitigate the threat. The vulnerabilities have been assigned high or critical CVSS scores, underscoring the urgency for remediation to prevent potential exploitation in production environments.
1 months ago
NVIDIA DGX Spark Privilege Escalation and Hardware Control Vulnerabilities
NVIDIA DGX Spark GB10 systems are affected by two critical vulnerabilities, CVE-2025-33187 and CVE-2025-33188, which could allow attackers to escalate privileges and manipulate hardware controls. CVE-2025-33187 is a critical flaw in the SROOT component, enabling attackers with privileged access to gain entry to SoC protected areas, potentially resulting in code execution, information disclosure, data tampering, denial of service, or further privilege escalation. CVE-2025-33188 involves hardware resource manipulation, where successful exploitation could lead to information disclosure, data tampering, or denial of service. Both vulnerabilities are not remotely exploitable but pose significant risks if local access is obtained. NVIDIA has released critical patches to address these vulnerabilities, with CVE-2025-33187 carrying a CVSS score of 9.3 and CVE-2025-33188 rated at 8.0. Organizations using NVIDIA DGX Spark hardware are urged to apply the updates immediately to mitigate the risk of exploitation. The vulnerabilities highlight the importance of securing AI infrastructure, as exploitation could expose sensitive AI secrets and compromise system integrity. No affected product versions have been explicitly listed, but the advisories emphasize the urgency of remediation for all DGX Spark GB10 deployments.
1 months ago