CVE-2025-33222
Hard-Coded Credential Vulnerability in NVIDIA Isaac Launchable
Publication date: 2025-12-23
Last updated on: 2025-12-23
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | isaac_launchable | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in NVIDIA Isaac Launchable involves a hard-coded credential issue (CWE-798) that allows an attacker to exploit embedded credentials without any privileges or user interaction. Exploiting this flaw can lead to remote code execution, escalation of privileges, denial of service, and data tampering. It is a critical security issue with a CVSS score of 9.8, meaning it is highly severe and can be exploited remotely with low complexity. [1, 2]
How can this vulnerability impact me? :
If exploited, this vulnerability can have severe impacts including unauthorized remote code execution, allowing attackers to run arbitrary code; escalation of privileges, enabling attackers to gain higher access rights; denial of service, disrupting normal operations; and data tampering, compromising the integrity of data. These impacts can lead to significant security breaches and operational disruptions. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Users are strongly advised to update NVIDIA Isaac Launchable to version 1.1 or later, as this version addresses the hard-coded credential vulnerability (CVE-2025-33222). Applying this update will mitigate the risks of remote code execution, privilege escalation, denial of service, and data tampering associated with this vulnerability. [1]