CVE-2025-23296
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-08-14
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | isaac-gr00t | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-23296 is a vulnerability in NVIDIA Isaac-GR00T affecting all platforms, specifically in a Python component. It allows an attacker to perform code injection, which means they can insert and execute unauthorized code. This can lead to arbitrary code execution, escalation of privileges, disclosure of sensitive information, and tampering with data. [1, 2]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to execute arbitrary code on the affected system, escalate their privileges, access confidential information, and alter or tamper with data. This can compromise the security, integrity, and availability of the system and its data. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2025-23296, you should immediately update NVIDIA Isaac-GR00T to a version that includes the fix from GitHub commit 9ca97e1. Applying this software update addresses the code injection vulnerability and reduces the risk of arbitrary code execution, privilege escalation, information disclosure, and data tampering. [2]