NVIDIA patches critical vulnerabilities in Isaac Launchable Platform

NVIDIA released security updates for its Isaac Launchable platform on December 23, 2025, patching three critical vulnerabilities that could allow unauthenticated attackers to completely compromise affected systems.

NVIDIA Isaac Launchable is a platform that provides instant, browser-based access to NVIDIA's robotics simulation tools (Isaac Sim and Isaac Lab) without complex local setup or powerful hardware. Users can develop, simulate, and test AI-powered robots entirely through their web browser, with one tab running Visual Studio Code for coding and another streaming the Isaac Sim interface.

Vulnerabilities summary:

• CVE-2025-33222 (CVSS score 9.8) - A hard-coded credential vulnerability that allows attackers to bypass authentication mechanisms, potentially leading to code execution, escalation of privileges, denial of service, and data tampering.
• CVE-2025-33223 (CVSS score 9.8) - An execution with unnecessary privileges vulnerability that enables attackers to run malicious code with elevated system permissions, resulting in code execution, escalation of privileges, denial of service, information disclosure, and data tampering.
• CVE-2025-33224 (CVSS score 9.8) - Another execution with unnecessary privileges vulnerability similar to CVE-2025-33223, allowing code execution, escalation of privileges, denial of service, information disclosure, and data tampering.

Exploiting the flaws requires no authentication or special privileges.

The vulnerabilities affect Isaac Launchable versions prior to version 1.11.1 on all platforms. NVIDIA recommends that all users download and install the latest version immediately from the official GitHub repository. Organizations utilizing Isaac Launchable in production environments should prioritize this update.