NVIDIA has patched serious security flaws in its Isaac-GR00T platform, a key tool for building AI-powered humanoid robots.
Released on November 18, 2025, the update fixes two high-severity vulnerabilities that could let attackers inject malicious code.
These issues affect the platform’s Python components and were reported by security researcher Peter Girnus from Trend Micro’s Zero Day Initiative.
Isaac-GR00T, part of NVIDIA’s robotics toolkit, helps developers create “foundation models” for robots that learn human-like movements and tasks.
The flaws, tracked as CVE-2025-33183 and CVE-2025-33184, stem from untrusted input reaching Python code evaluation (CWE-94, code injection).
An attacker who already has local access could exploit them to run arbitrary Python code and potentially take complete control of the affected system.
Vulnerability Breakdown
Both CVEs share the same profile: a CWE-94 code injection weakness. The CVSS v3.1 base score is 7.8 (High severity), with this attack vector:
| CVE ID | Description | CVSS Vector | Base Score | Severity | CWE | Potential Impacts |
|---|---|---|---|---|---|---|
| CVE-2025-33183 | Python code injection in Isaac-GR00T | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | High | CWE-94 | Code execution, privilege escalation, info disclosure, data tampering |
| CVE-2025-33184 | Python code injection in Isaac-GR00T | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | High | CWE-94 | Code execution, privilege escalation, info disclosure, data tampering |
Breaking down the vector: the attack requires local access (AV:L), low complexity (AC:L), low privileges (PR:L), and no user interaction (UI:N); there is no scope change (S:U), and the impact on confidentiality (C:H), integrity (I:H), and availability (A:H) is high.
This means a low-privileged user on the system, such as a developer testing robot code, could trigger the flaw and gain full control of the account or host running the vulnerable component.
In a robotics lab this can translate into robot misbehavior, leaks of AI training data, or physical hazards if the compromised host drives real hardware.
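The following is an added, generic illustration of the CWE-94 pattern in Python; it is not code from Isaac-GR00T and does not reproduce the specific defects behind these CVEs, which NVIDIA has not detailed. It shows an "unsafe" parser that hands user-supplied configuration strings to eval(), and a hardened version that accepts only literals and a whitelisted arithmetic grammar. The config keys, sample values, and payloads are constructed for the demo.

```python
"""Generic CWE-94 (code injection) demo: eval() on untrusted text versus a
parser that only accepts data. Added illustration, not Isaac-GR00T code."""
import ast
import operator
from typing import Any

# Constructed sample config: a tensor shape and a scaling expression supplied
# as strings (hypothetical keys, not GR00T's real configuration schema).
SAFE_CONFIG = {"action_shape": "(16, 7)", "scale": "2 * 0.5"}

# Constructed payload: the same keys carrying Python code instead of data.
MALICIOUS_CONFIG = {
    "action_shape": "__import__('os').system('id')",
    "scale": "open('/etc/passwd').read()",
}


def parse_shape_unsafe(text: str) -> Any:
    """Vulnerable: eval() executes whatever expression the caller supplies."""
    return eval(text)  # deliberately insecure; never call with untrusted input


def parse_shape_safe(text: str) -> tuple:
    """Hardened: ast.literal_eval accepts literals only; code raises ValueError.
    A type check on the result rejects anything that is not a positive-int tuple."""
    value = ast.literal_eval(text)
    ok = isinstance(value, tuple) and all(
        isinstance(d, int) and not isinstance(d, bool) and d > 0 for d in value)
    if not ok:
        raise ValueError(f"shape must be a tuple of positive ints, got {value!r}")
    return value


# literal_eval does not evaluate arithmetic, so the "scale" field gets a tiny
# whitelist interpreter: only numbers, unary minus and + - * / are allowed.
_BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
            ast.Mult: operator.mul, ast.Div: operator.truediv}


def eval_arith_safe(text: str) -> float:
    tree = ast.parse(text, mode="eval")

    def walk(node: ast.AST) -> float:
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if (isinstance(node, ast.Constant) and isinstance(node.value, (int, float))
                and not isinstance(node.value, bool)):
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
            return _BIN_OPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
            return -walk(node.operand)
        # Call, Attribute, Name, Subscript, etc. are all rejected here.
        raise ValueError(f"disallowed syntax: {type(node).__name__}")

    return walk(tree)


def load_config(cfg: dict) -> dict:
    """Parse a config with the hardened parsers; any injection attempt raises."""
    return {"action_shape": parse_shape_safe(cfg["action_shape"]),
            "scale": eval_arith_safe(cfg["scale"])}


def injection_blocked(cfg: dict) -> bool:
    """True when the hardened loader rejects the config instead of executing it."""
    try:
        load_config(cfg)
    except (ValueError, SyntaxError):
        return True
    return False


if __name__ == "__main__":
    print(load_config(SAFE_CONFIG))             # {'action_shape': (16, 7), 'scale': 1.0}
    print(injection_blocked(MALICIOUS_CONFIG))  # True
    # parse_shape_unsafe(MALICIOUS_CONFIG["action_shape"]) would run `id`; not called.
```

The point of the AST walker is that "safe eval" wrappers built by blanking `__builtins__` are routinely bypassed; rejecting every node type you did not explicitly allow is the only approach that holds up.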
The bugs affect NVIDIA Isaac-GR00T N1.5 on all platforms and operating systems; any checkout that does not include GitHub commit 7f53666 is vulnerable.
Patch and Protection Steps
NVIDIA urges users to update immediately via the Isaac-GR00T GitHub repo. Pull the latest code, including this commit, to fix both CVEs.
No workarounds exist, so avoid running unpatched versions in production.
For broader security, check NVIDIA’s Product Security page for bulletins and subscriptions.
Robotics firms using Isaac-GR00T should verify that every checkout contains the fixing commit, keep development environments isolated from production robots, and audit their own integrations for dynamic code evaluation (eval() or exec() on attacker-influenced input), the same class of weakness behind these CVEs.
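As an added example of the "scan for the commit" step (not NVIDIA tooling), the script below decides whether a local checkout already carries the fix. A commit has been applied if it is an ancestor of HEAD, which is exactly what `git rev-list HEAD` enumerates; the pure `commit_in_history` function works over that output so it can be tested without a repository. The repository paths and the sample full hashes are constructed placeholders; only the short id 7f53666 comes from the bulletin.

```python
"""Check local Isaac-GR00T checkouts for the fixing commit. Added example."""
import subprocess
from pathlib import Path
from typing import Dict, Iterable

FIX_COMMIT_PREFIX = "7f53666"  # short id cited by the NVIDIA bulletin

# Constructed `git rev-list HEAD` outputs. The full hashes are placeholders
# (prefix padded with zeros), NOT the real commit ids from the repository.
SAMPLE_HISTORY_PATCHED = "\n".join([
    "9c1d2e3f" + "a" * 32,
    "7f53666" + "0" * 33,
    "1a2b3c4d" + "b" * 32,
])
SAMPLE_HISTORY_UNPATCHED = "\n".join([
    "9c1d2e3f" + "a" * 32,
    "1a2b3c4d" + "b" * 32,
])


def commit_in_history(rev_list_output: str, prefix: str = FIX_COMMIT_PREFIX) -> bool:
    """True if any full hash in the rev-list text starts with the short id.
    Matching is case-insensitive and ignores blank lines."""
    prefix = prefix.lower()
    return any(line.strip().lower().startswith(prefix)
               for line in rev_list_output.splitlines() if line.strip())


def checkout_is_patched(repo: Path, prefix: str = FIX_COMMIT_PREFIX) -> bool:
    """Run git against a checkout and fail closed: a missing directory, a
    missing git binary, or a shallow clone whose truncated history lacks the
    commit all report 'unpatched' rather than silently passing."""
    try:
        out = subprocess.run(
            ["git", "-C", str(repo), "rev-list", "HEAD"],
            check=True, capture_output=True, text=True,
        ).stdout
    except (subprocess.CalledProcessError, FileNotFoundError):
        return False
    return commit_in_history(out, prefix)


def scan_checkouts(repos: Iterable[Path]) -> Dict[str, bool]:
    """Map each checkout path to whether it contains the fix."""
    return {str(r): checkout_is_patched(r) for r in repos}


if __name__ == "__main__":
    # Hypothetical lab paths; adjust to where Isaac-GR00T is cloned.
    for path, patched in scan_checkouts([Path("/opt/isaac-gr00t"),
                                         Path.home() / "src" / "Isaac-GR00T"]).items():
        print(f"{path}: {'patched' if patched else 'UNPATCHED or unreadable'}")
```

The equivalent one-liner inside a checkout is `git merge-base --is-ancestor 7f53666 HEAD` (exit status 0 means the fix is present). Two caveats: a shallow clone may not contain the commit even when the working tree has the fixed code, so deepen it before trusting a negative result, and a fork that rebased or squashed upstream history will not carry the hash at all, in which case the only reliable check is comparing the affected files with upstream.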
This disclosure highlights risks in AI-robotics stacks, where Python’s dynamic nature can amplify injection flaws.
NVIDIA’s quick response demonstrates solid PSIRT practices, but users must stay vigilant as humanoid robot technology advances.