CRITICAL🇵🇱 Wersja polska

CVE-2025-33222

CVSS 9.8v3.1pub. 2025-12-23upd. 2026-01-15

NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.

🤖 AI Analysis
How it works

An attacker can exploit hard-coded credentials embedded in the application (CWE-798), which are identical for every product installation and cannot be changed by the user in a standard way. Since the attack vector is network-based, attack complexity is low, and no privileges or victim interaction are required, an attacker can remotely authenticate to the system using known credentials. Once access is obtained, further offensive actions are possible.

Impact

Successful exploitation of this vulnerability may lead to remote code execution (RCE), privilege escalation, denial of service (DoS), and manipulation of stored data. Complete compromise of system confidentiality, integrity, and availability.

Mitigation & patch

Apply patches available from the vendor according to the references — detailed information about the patched version is available in the NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5749. Additionally, it is recommended to restrict network access to the system running NVIDIA Isaac Launchable (firewall, network segmentation) until the patch is deployed.

Who is affected

NVIDIA Isaac Launchable — versions specified in the vendor's references (detailed versions provided in the NVIDIA bulletin: https://nvidia.custhelp.com/app/answers/detail/a_id/5749)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Nvidia Isaac Launchable

    APP
    Nvidia
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoS
CWE
References

Related vulnerabilities

CVE-2025-33223CRITICAL9.8PL ✓ten sam produkt

NVIDIA Isaac Launchable — wykonanie kodu z nadmiernymi uprawnieniami

CVE-2025-33224CRITICAL9.8PL ✓ten sam produkt

NVIDIA Isaac Launchable — wykonanie kodu z nadmiernymi uprawnieniami

CVE-2026-24212HIGH7.5ten sam produkt

NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear...

CVE-2026-24207CRITICAL9.8PL ✓ten sam vendor

Authentication Bypass w NVIDIA Triton Inference Server umożliwiający RCE

CVE-2026-24178CRITICAL9.8PL ✓ten sam vendor

NVIDIA NVFlare – authorization bypass przez klucz kontrolowany przez użytkownika