CRITICAL🇵🇱 Wersja polska

CVE-2025-33224

CVSS 9.8v3.1pub. 2025-12-23upd. 2026-01-15

NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.

🤖 AI Analysis
How it works

The vulnerability is classified as CWE-250 (Execution with Unnecessary Privileges), which means that the software component executes code or processes with a privilege level higher than required to perform the given function. An attacker can exploit this to execute their own code in the context of elevated privileges. The CVSS vector indicates the possibility of a network-based attack without the need to possess an account or any action on the victim's part.

Impact

Successful exploitation of this vulnerability may lead to remote code execution (RCE), privilege escalation, denial of service (DoS), disclosure of sensitive information, and data manipulation.

Mitigation & patch

Apply patches available from the vendor according to references — see NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5749

Who is affected

NVIDIA Isaac Launchable — specific versions indicated in vendor references (https://nvidia.custhelp.com/app/answers/detail/a_id/5749)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Nvidia Isaac Launchable

    APP
    Nvidia
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoS
CWE
References

Related vulnerabilities

CVE-2025-33222CRITICAL9.8PL ✓ten sam produkt

NVIDIA Isaac Launchable — podatność hard-coded credentials (RCE, DoS)

CVE-2025-33223CRITICAL9.8PL ✓ten sam produkt

NVIDIA Isaac Launchable — wykonanie kodu z nadmiernymi uprawnieniami

CVE-2026-24212HIGH7.5ten sam produkt

NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear...

CVE-2026-24207CRITICAL9.8PL ✓ten sam vendor

Authentication Bypass w NVIDIA Triton Inference Server umożliwiający RCE

CVE-2026-24178CRITICAL9.8PL ✓ten sam vendor

NVIDIA NVFlare – authorization bypass przez klucz kontrolowany przez użytkownika