CVE-2025-10772
📋 TL;DR
This vulnerability in huggingface LeRobot up to version 0.3.3 allows attackers on the local network to access ZeroMQ sockets without authentication. It affects systems running LeRobot with the lekiwi_remote.py component exposed. The vulnerability enables unauthorized interaction with robot control interfaces.
💻 Affected Systems
- huggingface LeRobot
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could gain unauthorized control of robotic systems, potentially causing physical damage, data theft, or disruption of operations.
Likely Case
Unauthorized access to robot control interfaces allowing monitoring of operations, data exfiltration, or limited manipulation of robotic functions.
If Mitigated
With proper network segmentation and authentication controls, impact is limited to potential reconnaissance of exposed interfaces.
🎯 Exploit Status
Exploitation requires local network access and knowledge of the ZeroMQ socket endpoints. No authentication bypass is needed, because authentication is absent entirely.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: UNKNOWN
Vendor Advisory: NONE
Restart Required: No
Instructions:
No official patch is available, as the vendor did not respond. Upgrade to a version above 0.3.3 if one is available, or implement the workarounds below.
🔧 Temporary Workarounds
Network Segmentation
Isolate LeRobot systems from untrusted local network segments using firewall rules or VLANs.
Disable Vulnerable Component
Disable or remove the lekiwi_remote.py component if it is not required for operations:
mv lerobot/common/robot_devices/robots/lekiwi_remote.py lerobot/common/robot_devices/robots/lekiwi_remote.py.disabled
🧯 If You Can't Patch
- Implement strict network access controls to limit which systems can communicate with LeRobot ZeroMQ ports
- Monitor network traffic to/from LeRobot systems for unusual patterns or unauthorized access attempts
🔍 How to Verify
Check if Vulnerable:
Check the LeRobot version with python -c "import lerobot; print(lerobot.__version__)" and confirm whether it is <= 0.3.3. Also check whether lekiwi_remote.py exists and whether ZeroMQ sockets are listening.
Check Version:
python -c "import lerobot; print(lerobot.__version__)"
Verify Fix Applied:
Verify that the version is > 0.3.3 or that the lekiwi_remote.py component is disabled/removed. Test that the ZeroMQ sockets either require authentication or are not exposed.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized connection attempts to ZeroMQ ports
- Unexpected commands sent to robot control interfaces
Network Indicators:
- Unusual traffic patterns to LeRobot ZeroMQ ports (default 5555-5560 range)
- Connections from unauthorized IP addresses to robot control ports
SIEM Query:
source="network_logs" dest_port IN (5555, 5556, 5557, 5558, 5559, 5560) AND NOT src_ip IN (allowed_ips)
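The version check from "How to Verify" and the SIEM query above, combined into one added helper (example code, not part of the advisory or the LeRobot project). The 0.3.3 threshold, the lekiwi_remote.py path and the 5555-5560 port range come from the advisory; the connection log format, the sample log lines and the allow-list are constructed for this example.

```python
"""Added verification/detection helper for CVE-2025-10772 (not from the advisory
or the LeRobot project). The version threshold 0.3.3 and the ZeroMQ port range
5555-5560 come from the advisory; the log format and allow-list are constructed."""
import re
from pathlib import Path

VULNERABLE_MAX = (0, 3, 3)              # advisory: affected up to and including 0.3.3
ZMQ_PORTS = set(range(5555, 5561))      # advisory: default 5555-5560 range
ALLOWED_IPS = {"10.0.0.5", "10.0.0.6"}  # constructed operator allow-list
LEKIWI_PATH = "lerobot/common/robot_devices/robots/lekiwi_remote.py"  # from the advisory
LOG_LINE = re.compile(r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)")

def parse_version(text):
    """'0.3.3', '0.3.3.dev0' or '0.4.0rc1' -> numeric tuple; non-numeric tail dropped."""
    m = re.match(r"(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad so '0.3' compares like (0, 3, 0)

def is_vulnerable_version(version):
    """True when the installed LeRobot version is <= 0.3.3."""
    return parse_version(version)[:3] <= VULNERABLE_MAX

def lekiwi_remote_enabled(repo_root):
    """True if the vulnerable component is still present (not renamed/removed)."""
    return (Path(repo_root) / LEKIWI_PATH).is_file()

def suspicious_zmq_connections(log_lines, allowed_ips=ALLOWED_IPS):
    """Mirror of the advisory's SIEM query: connections to the ZeroMQ port range
    from sources outside the allow-list. Returns (src_ip, dport) pairs."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.search(line)
        if not m:
            continue  # skip lines that do not match the constructed format
        port = int(m["dport"])
        if port in ZMQ_PORTS and m["src"] not in allowed_ips:
            hits.append((m["src"], port))
    return hits

# Constructed sample connection log (not real traffic).
SAMPLE_LOG = [
    "2025-01-01T10:00:00Z conn src=10.0.0.5 dst=10.0.0.20 dport=5555 proto=tcp",
    "2025-01-01T10:00:01Z conn src=192.168.1.77 dst=10.0.0.20 dport=5556 proto=tcp",
    "2025-01-01T10:00:02Z conn src=192.168.1.77 dst=10.0.0.20 dport=443 proto=tcp",
    "2025-01-01T10:00:03Z conn src=172.16.4.9 dst=10.0.0.20 dport=5559 proto=tcp",
]
```

Run is_vulnerable_version(lerobot.__version__) and lekiwi_remote_enabled(<checkout root>) on the host, and feed exported connection logs (in the constructed format, or adapt LOG_LINE) to suspicious_zmq_connections; the two unlisted sources in SAMPLE_LOG are the ones the query would flag.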