CVE-2025-64309

High CVSS: 8.2

Brightpick Mission Control
discloses device telemetry, configuration, and credential information
via WebSocket traffic to unauthenticated users when they connect to a
specific URL. The unauthenticated URL can be discovered through basic
network scanning techniques.

Vendor

Product

CWE

CWE-523

Yayın Tarihi

2025-11-15 00:15:48

Güncelleme

2025-11-18 14:06:55

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-523 HIGH 2025

Referanslar

https://brightpick.ai/contact-us/ https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04