CVE-2025-53947

Summary

A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data. A data folder is created with very weak privileges, allowing any user logged into the Windows system to modify its content.

Affected Software

VendorProductVersion RangeStatus
CognexIn-Sight 2000 series5.x <= 6.5.1affected
CognexIn-Sight 7000 series5.x <= 6.5.1affected
CognexIn-Sight 8000 series5.x <= 6.5.1affected
CognexIn-Sight 9000 series5.x <= 6.5.1affected
CognexIn-Sight Explorer5.x <= 6.5.1affected

Weaknesses

  • CWE-276: CWE-276

Workarounds

Cognex reports that In-Sight Explorer based vision systems are legacy products not intended for new applications. To reduce risk, asset owners are advised to switch to next generation In-Sight Vision Suite based vision systems, such as the In-Sight 2800, In-Sight 3800, In-Sight 8900 series embedded cameras.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References