{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-23296", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2025-01-14T01:06:26.349Z", "datePublished": "2025-08-13T17:25:50.214Z", "dateUpdated": "2025-08-13T18:17:41.459Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["All"], "product": "NVIDIA Isaac-GR00T N1", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All versions that do not include code commit 9ca97e1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": true, "type": "text/html", "value": "NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering."}], "value": "NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Code execution, escalation of privileges, information disclosure and data tampering"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2025-08-13T17:25:50.214Z"}, "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23296"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-23296"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5681"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "NVIDIA PSIRT"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-13T18:17:31.575216Z", "id": "CVE-2025-23296", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-13T18:17:41.459Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-23296", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-13T18:17:31.575216Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-13T18:17:34.386Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Code execution, escalation of privileges, information disclosure and data tampering"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "NVIDIA Isaac-GR00T N1", "versions": [{"status": "affected", "version": "All versions that do not include code commit 9ca97e1"}], "platforms": ["All"], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23296"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-23296"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5681"}], "x_generator": {"engine": "NVIDIA PSIRT"}, "descriptions": [{"lang": "en", "value": "NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.", "supportingMedia": [{"type": "text/html", "value": "NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.", "base64": true}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2025-08-13T17:25:50.214Z"}}}, "cveMetadata": {"cveId": "CVE-2025-23296", "state": "PUBLISHED", "dateUpdated": "2025-08-13T18:17:41.459Z", "dateReserved": "2025-01-14T01:06:26.349Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2025-08-13T17:25:50.214Z", "assignerShortName": "nvidia"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering."}, {"lang": "es", "value": "NVIDIA Isaac-GR00T para todas las plataformas contiene una vulnerabilidad en un componente de Python que podr\u00eda provocar una inyecci\u00f3n de c\u00f3digo. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo, la escalada de privilegios, la divulgaci\u00f3n de informaci\u00f3n y la manipulaci\u00f3n de datos."}], "id": "CVE-2025-23296", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2025-08-13T18:15:29.410", "references": [{"source": "psirt@nvidia.com", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23296"}, {"source": "psirt@nvidia.com", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5681"}, {"source": "psirt@nvidia.com", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23296"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "psirt@nvidia.com", "type": "Secondary"}]}

{}

{"created": "2025-08-14T12:59:58.953472+00:00", "updated": "2025-08-14T12:59:58.953527+00:00", "vendors": ["nvidia", "nvidia$PRODUCT$isaac-gr00t"]}