CVE-2025-10772: A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability is an unknown function
Summary
A vulnerability (CVE-2025-10772) was found in huggingface LeRobot versions up to 0.3.3 in the ZeroMQ Socket Handler (a tool for sending messages between programs), which allows attackers to bypass authentication (verification of who you are) when accessing the system from within a local network. The vendor was notified but did not respond with a fix.
Vulnerability Details
6.3(medium)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-10772
First tracked: February 15, 2026 at 08:44 PM
Classified by LLM (prompt v3) · confidence: 85%