CVE-2025-54964

High CVSS: 8.4

An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may inject arbitrary executables. If the Job Service is configured for local-only access, this may allow for privilege escalation in certain situations. If the Job Service is network accessible, this may allow remote command execution.

Vendor

Baesystems

Product

Socet Gxp

CWE

CWE-77

Yayın Tarihi

2025-10-23 20:15:39

Güncelleme

2025-10-28 16:19:45

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-77 Socet Gxp HIGH Baesystems 2025

Referanslar

https://www.baesystems.com/en-us/product/geospatial-exploitation-products https://www.geospatialexploitationproducts.com/content/socet-gxp/vulnerabilities-disclosure/#cve-2025-54964

Benzer Kayıtlar

Medium

CVE-2025-54965

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize…

Medium

CVE-2025-54967

An issue was discovered in BAE SOCET GXP before 4.6.0.3. It permits external entities in certain XML-based files. An att…

High

CVE-2025-54968

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Service does not require authentication. In s…

Medium

CVE-2025-54969

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protec…

Medium

CVE-2025-54970

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests…

Medium

CVE-2025-54963

An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Servi…