CVE-2025-33222
Unknown Unknown - Not Provided
Hard-Coded Credential Vulnerability in NVIDIA Isaac Launchable

Publication date: 2025-12-23

Last updated on: 2025-12-23

Assigner: NVIDIA Corporation

Description
NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-23
Last Modified
2025-12-23
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-14
NVD
CVE-2025-33222
EUVD
EUVD-2025-204855
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nvidia isaac_launchable *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in NVIDIA Isaac Launchable involves a hard-coded credential issue (CWE-798) that allows an attacker to exploit embedded credentials without any privileges or user interaction. Exploiting this flaw can lead to remote code execution, escalation of privileges, denial of service, and data tampering. It is a critical security issue with a CVSS score of 9.8, meaning it is highly severe and can be exploited remotely with low complexity. [1, 2]

Impact Analysis

If exploited, this vulnerability can have severe impacts including unauthorized remote code execution, allowing attackers to run arbitrary code; escalation of privileges, enabling attackers to gain higher access rights; denial of service, disrupting normal operations; and data tampering, compromising the integrity of data. These impacts can lead to significant security breaches and operational disruptions. [1, 2]

Mitigation Strategies

Users are strongly advised to update NVIDIA Isaac Launchable to version 1.1 or later, as this version addresses the hard-coded credential vulnerability (CVE-2025-33222). Applying this update will mitigate the risks of remote code execution, privilege escalation, denial of service, and data tampering associated with this vulnerability. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-33222. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart