CVE-2025-64309

Summary

The affected product discloses device telemetry, configuration, and sensitive information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques.

Affected Software

VendorProductVersion RangeStatus
Brightpick AIBrightpick Mission Control / Internal Logic Control0 < 1.67.0affected
Brightpick AIBrightpick Mission Control / Internal Logic Control1.67.0unaffected

Weaknesses

  • CWE-523: CWE-523

Workarounds

Users of the affected products are encouraged to contact Brightpick AI https://brightpick.ai/contact-us/ for additional information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References