CVE-2025-10772

EUVD-2025-30385
A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability is an unknown functionality of the file lerobot/common/robot_devices/robots/lekiwi_remote.py of the component ZeroMQ Socket Handler. The manipulation leads to missing authentication. The attack can only be initiated within the local network. The vendor was contacted early about this disclosure but did not respond in any way.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulDBCNA
6.3 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
huggingfacelerobot
0.3.0
CNA
huggingfacelerobot
0.3.1
CNA
huggingfacelerobot
0.3.2
CNA
huggingfacelerobot
0.3.3
CNA
Common Weakness Enumeration
References
https://vuldb.com/?ctiid.325128
https://vuldb.com/?id.325128
https://vuldb.com/?submit.649798
https://vuldb.com/?submit.649798