NVIDIA has disclosed a critical security vulnerability in Isaac Lab, a component of the NVIDIA Isaac Sim framework, that could allow attackers to execute arbitrary code remotely.
The company released security patches in December 2025 to address the deserialization flaw tracked as CVE-2025-32210.
| CVE ID | Description | CVSS Score | Severity | CWE |
|---|---|---|---|---|
| CVE-2025-32210 | Deserialization vulnerability in NVIDIA Isaac Lab | 9.0 | Critical | CWE-502 |
Critical Deserialization Vulnerability
The vulnerability stems from improper deserialization in NVIDIA Isaac Lab. Successful exploitation enables threat actors to achieve code execution on affected systems.
With a CVSS score of 9.0, this flaw is classified as Critical severity. It poses significant risks to organisations using the simulation framework.
The attack vector is network-based with low attack complexity. Exploitation requires low-level privileges and user interaction.
However, the CVSS scope metric is Changed, meaning exploitation can affect resources beyond the vulnerable component, potentially with high impact on confidentiality, integrity, and availability.
All versions of Isaac Lab before v2.3.0 across all platforms are vulnerable to CVE-2025-32210.
NVIDIA strongly recommends that users immediately update to Isaac Sim v2.3.0, which includes security fixes that address this deserialization weakness.
Organisations running earlier versions should prioritise patching, as remote code execution vulnerabilities provide attackers with extensive control over compromised systems.
The exploit could enable data theft, system manipulation, or deployment of additional malicious payloads.
Daniel Teixeira from NVIDIA’s AI Red Team discovered and responsibly disclosed the vulnerability.
NVIDIA’s Product Security Incident Response Team (PSIRT) released the initial security bulletin on December 2, 2025, providing detailed vulnerability information and remediation guidance.
Users should download the latest Isaac Lab version from the official GitHub repository immediately. Organisations should verify that all Isaac Lab installations are updated to v2.3.0 or later.
NVIDIA advises subscribing to security bulletin notifications through their Product Security page to stay informed about future vulnerabilities and patches.
