CVE-2025-33210
Deserialization Vulnerability in NVIDIA Isaac Lab Enables Code Execution
Publication date: 2025-12-16
Last updated on: 2026-02-02
Assigner: NVIDIA Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | isaac_lab | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-33210 is a critical deserialization vulnerability in NVIDIA Isaac Lab. It involves the unsafe deserialization of untrusted data (classified under CWE-502), which can allow an attacker to execute arbitrary code remotely if successfully exploited. [2, 3]
How can this vulnerability impact me?
This vulnerability can lead to remote code execution, allowing an attacker to compromise the confidentiality, integrity, and availability of the affected system. The impact is critical, potentially resulting in full system compromise. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Users should immediately update NVIDIA Isaac Lab to version 2.3.0 or later, as this version includes the security update that fixes the deserialization vulnerability. Additionally, users are encouraged to subscribe to NVIDIA security notifications and monitor the NVIDIA Product Security page for the latest updates and advisories. [2, 3]