CVE-2025-64307

MEDIUM(6.5)

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Risk Signal Score16/100 — NIEDRIG

CVSS 6.5 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

6.5

Technische Schwere

Beschreibung

The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes.

Referenzen

https://brightpick.ai/contact-us/
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-31...
https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04