PT-2025-38670 · Hugging Face · Lerobot
Kexinoh · Published 2025-09-21 · Updated 2025-09-22 · CVE-2025-10772
CVSS v3.1: 6.3 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
huggingface LeRobot versions up to 0.3.3
Description
A vulnerability exists in huggingface LeRobot up to version 0.3.3 related to missing authentication within the ZeroMQ Socket Handler functionality of the file lerobot/common/robot_devices/robots/lekiwi_remote.py. The attack can only be initiated within the local network. The vendor was contacted but did not respond.
Recommendations
Update to a version beyond 0.3.3.
Exploit
Fix
Missing Authentication
Improper Authentication
Related Identifiers
Affected Products
Lerobot