Security gaps: Nvidia equips AI and robotics software against potential attacks

AI and robotics developers working with Nvidia software should install available security patches for Isaac Lab, NeMo Framework, and Resiliency Extension promptly. Otherwise, attackers can exploit several vulnerabilities to compromise systems. So far, there are no indications of ongoing attacks. Nevertheless, administrators should install the updates promptly to reduce the attack surface for attackers.

Various security vulnerabilities closed

As indicated in a warning message, a “critical” vulnerability (CVE-2025-32210) in the Isaac Lab robotics framework is the most dangerous. Because untrusted data is processed in this context, errors occur. This can lead to malicious code entering systems and compromising them.

According to the developers, all platforms are affected. Isaac Sim v2.3.0 is protected against the described attack. All previous versions are threatened. It is currently unclear whether there are already attacks and how attacks could proceed in detail.

NeMo Framework and Resiliency Extension for training AI models are each vulnerable through two security flaws. If attackers successfully exploit the vulnerabilities (CVE2-205-33212 “high”, CVE-2025-33226 “high”) in NeMo Framework, they can cause services to crash, gain higher privileges, or even execute their code. Version 2.5.3 provides a remedy.

In a post, the developers explain that Resiliency Extension can only be attacked under Linux (CVE-2025-33225 “high”, CVE-2025-33235 “high”). Among other things, this can lead to DoS conditions and thus to crashes. Version 0.5.0 is said to be equipped to handle this.

(des)