Advisory

Flaw in NVIDIA Isaac Lab enables remote code execution

Take action: Make sure all devices running NVIDIA Isaac Lab are isolated from the internet and accessible from trusted networks only. Then plan a quick upgrade to Isaac Lab v2.3.0.


Learn More

NVIDIA has patched a critical security vulnerability in Isaac Lab, a core component of the NVIDIA Isaac Sim framework used for robotics simulation and AI development.

The flaw is reportedly tracked as CVE-2025-32210 (CVSS score 9.0), but the identifier is probably a typo, since the same CVE was already assigned in August to a WordPress plugin. It is a deserialization flaw that allows authenticated users with low-level privileges to execute arbitrary code.

Affected versions of NVIDIA Isaac Lab include:

  • All versions of Isaac Lab prior to v2.3.0 across all platforms and operating systems
  • Both Community and Enterprise deployments of NVIDIA Isaac Sim framework

NVIDIA has patched this vulnerability in the Isaac Sim v2.3.0 release.

NVIDIA strongly recommends that users immediately upgrade to Isaac Lab v2.3.0, available through the official GitHub repository and NVIDIA's distribution channels. 
