关键信息 CVE ID: CVE-2025-33184 CNA: NVIDIA Corporation 发布日期: 2025-11-18 更新日期: 2025-11-18 描述 NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. CWE CWE-94: Improper Control of Generation of Code ('Code Injection') CVSS 分数: 7.8 严重性: HIGH 版本: 3.1 向量字符串: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 产品状态 供应商: NVIDIA 产品: NVIDIA Isaac-GR00T N1.5 平台: All 受影响版本: All versions that do not include code commit 7f53666 参考链接 1. https://nvd.nist.gov/vuln/detail/CVE-2025-33184 2. https://cve.org/CVERecord?id=CVE-2025-33184 3. https://nvidia.custhelp.com/app/answers/detail/a_id/5725