CVE-2025-9229

Summary

Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages.

Affected Software

VendorProductVersion RangeStatus
Mobile Industrial RobotsMiR Robots0 < 3.0.0affected
Mobile Industrial RobotsMiR Fleet0 < 3.0.0affected

Weaknesses

  • CWE-209: CWE-209 Generation of Error Message Containing Sensitive Information

Workarounds

If you cannot immediately update to the recommended version, we recommend the following compensating measures:

  1. Operate the MiR system in a segmented and secured network with strict firewall rules

  2. Secure user accounts on the MiR system as recommended in the MiR Cybersecurity Guide

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References