{"data":{"id":"81c23dfe-effc-448f-bfb2-9d4fa0f08684","title":"CVE-2025-10772: A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability is an unknown function","summary":"A vulnerability (CVE-2025-10772) was found in huggingface LeRobot versions up to 0.3.3 in the ZeroMQ Socket Handler component (ZeroMQ is a library for sending messages between programs). It allows an attacker who is on the same local network to bypass authentication (verification of who you are). The vendor was notified but did not respond with a fix.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-10772","publishedAt":"2025-09-22T04:15:39.410Z","cveId":"CVE-2025-10772","cweIds":["CWE-287","CWE-306"],"cvssScore":"6.3","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["HuggingFace LeRobot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00019,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-114","CAPEC-115"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}