CVE-2025-64308

Summary

The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal.

Affected Software

VendorProductVersion RangeStatus
Brightpick AIBrightpick Mission Control / Internal Logic Control0 < 1.67.0affected
Brightpick AIBrightpick Mission Control / Internal Logic Control1.67.0unaffected

Weaknesses

  • CWE-523: CWE-523

Workarounds

Users of the affected products are encouraged to contact Brightpick AI https://brightpick.ai/contact-us/ for additional information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References