CVE-2025-64307
6.5
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Brightpick AI | Brightpick Mission Control / Internal Logic Control | 0 < 1.67.0 | affected |
| Brightpick AI | Brightpick Mission Control / Internal Logic Control | 1.67.0 | unaffected |
Weaknesses
- CWE-306: CWE-306
Workarounds
Users of the affected products are encouraged to contact Brightpick AI https://brightpick.ai/contact-us/ for additional information.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://brightpick.ai/contact-us/
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.