CVE-2025-10772
BaseFortify
Publication date: 2025-09-22
Last updated on: 2025-09-22
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| huggingface | lerobot | 0.3.3 |
| huggingface | lerobot | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects huggingface LeRobot up to version 0.3.3, specifically the ZeroMQ Socket Handler component in the file lerobot/common/robot_devices/robots/lekiwi_remote.py. The component is missing authentication, so an attacker on the local network can manipulate it and unauthorized access could be possible.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access due to missing authentication when exploited from within the local network. This could compromise the confidentiality, integrity, and availability of the affected system or data.