CVE-2025-10772 is a medium-severity vulnerability affecting the huggingface LeRobot software versions 0.3.0 through 0.3.3. The vulnerability resides in the ZeroMQ Socket Handler component, specifically within the file lerobot/common/robot_devices/robots/lekiwi_remote.py. The issue is characterized by missing authentication controls, allowing an attacker to interact with certain functionalities without proper verification. This flaw can be exploited only from within the local network, limiting the attack vector to internal actors or those who have gained local network access. The vulnerability does not require any user interaction, authentication, or elevated privileges to exploit, but the impact on confidentiality, integrity, and availability is limited to low levels. The vendor, huggingface, was contacted about the vulnerability but did not respond, and no patches or mitigations have been published yet. The CVSS 4.0 base score is 5.3, reflecting a medium severity level due to the local attack vector and limited impact. No known exploits are currently reported in the wild. The vulnerability could allow unauthorized local users or compromised devices to manipulate or interfere with the robot devices managed by LeRobot, potentially leading to unauthorized commands or data leakage within the local environment.

For European organizations, the impact of CVE-2025-10772 depends largely on the deployment of huggingface LeRobot within their operational environments. Organizations using LeRobot to manage robotic devices or automation systems could face risks of unauthorized local network actors issuing commands or accessing device data without authentication. This could lead to operational disruptions, data integrity issues, or unauthorized control of robotic assets. Although the attack is limited to local network access, insider threats or lateral movement by attackers who have breached perimeter defenses could exploit this vulnerability. In sectors such as manufacturing, logistics, or research institutions where robotic automation is critical, this could result in production downtime or compromised safety. The lack of vendor response and absence of patches increases the risk exposure until mitigations are implemented. However, the overall impact is moderated by the requirement for local network access and the limited scope of the affected functionality.

European organizations should implement network segmentation to isolate devices running LeRobot from general user networks, restricting access to trusted hosts only. Employ strict access controls and monitoring on local networks to detect unauthorized scanning or connection attempts to ZeroMQ sockets. Use host-based firewalls to limit inbound connections to the affected LeRobot components. Since no patches are currently available, consider disabling or restricting the use of the vulnerable functionality if feasible. Conduct thorough internal audits to identify all instances of LeRobot deployment and assess exposure. Additionally, implement network intrusion detection systems (NIDS) tuned to detect anomalous ZeroMQ traffic patterns. Educate internal staff about the risks of lateral movement and enforce strong endpoint security to prevent attackers from gaining local network footholds. Monitor vendor communications for updates or patches and plan for timely application once available.