CRITICAL🇵🇱 Wersja polska

CVE-2025-33223

CVSS 9.8v3.1pub. 2025-12-23upd. 2026-01-15

NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-250 (Execution with Unnecessary Privileges) consists of the software component running processes or performing operations with a broader scope of privileges than necessary. A remote, unauthenticated attacker (network vector, no required user interaction and privileges) can exploit this mechanism to take control of the vulnerable component. The lack of necessity for user interaction or prior access significantly lowers the threshold for the attacker.

Impact

An attacker can cause arbitrary code execution (RCE), privilege escalation in the system, denial of service (DoS), disclosure of confidential information, and unauthorized data modification.

Mitigation & patch

Security patches available from the manufacturer should be applied according to the references — detailed information about versions containing the fix is available in the NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5749

Who is affected

NVIDIA Isaac Launchable — specific versions indicated in the manufacturer's references (NVIDIA bulletin: https://nvidia.custhelp.com/app/answers/detail/a_id/5749)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Nvidia Isaac Launchable

    APP
    Nvidia
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoS
CWE
References

Related vulnerabilities

CVE-2025-33222CRITICAL9.8PL ✓ten sam produkt

NVIDIA Isaac Launchable — podatność hard-coded credentials (RCE, DoS)

CVE-2025-33224CRITICAL9.8PL ✓ten sam produkt

NVIDIA Isaac Launchable — wykonanie kodu z nadmiernymi uprawnieniami

CVE-2026-24212HIGH7.5ten sam produkt

NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear...

CVE-2026-24207CRITICAL9.8PL ✓ten sam vendor

Authentication Bypass w NVIDIA Triton Inference Server umożliwiający RCE

CVE-2026-24178CRITICAL9.8PL ✓ten sam vendor

NVIDIA NVFlare – authorization bypass przez klucz kontrolowany przez użytkownika