Home > Vulnerability Database > CVE-2025-10772

Mend.io Vulnerability Database

CVE-2025-10772

Date: September 21, 2025

A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability is an unknown functionality of the file lerobot/common/robot_devices/robots/lekiwi_remote.py of the component ZeroMQ Socket Handler. The manipulation leads to missing authentication. The attack can only be initiated within the local network. The vendor was contacted early about this disclosure but did not respond in any way.

Severity Score

7.7

Related Resources (5)

Url: https://vuldb.com/?ctiid.325128

Url: https://vuldb.com/?id.325128

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-10772

Url: https://vuldb.com/?submit.649798

Url: https://www.mend.io/vulnerability-database/CVE-2025-10772

Severity Score

7.7

Weakness Type (CWE)

Improper Authentication

CWE-287

Missing Authentication for Critical Function

CWE-306

CVSS v3.1

Base Score:	7.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-10772

Date: September 21, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?