Cyber Posture

CVE-2025-64309

High

Published: 15 November 2025

Published
15 November 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS Score 0.0010 27.4th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Description

Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques.

Mitigating Controls (NIST 800-53 r5)AI

AC-14 Permitted Actions Without Identification or Authentication good match
prevent

Directly identifies and restricts actions performable without identification or authentication, preventing unauthenticated access to the sensitive WebSocket endpoint exposing telemetry, configuration, and credentials.

SC-14 Public Access Protections good match
prevent

Enforces approved authorizations and protections for publicly accessible system resources, mitigating exposure of sensitive data via discoverable unauthenticated WebSocket URLs.

AC-3 Access Enforcement good match
prevent

Mandates enforcement of access control policies to block unauthorized logical access to sensitive information disclosed over the unauthenticated WebSocket connection.

Security SummaryAI

CVE-2025-64309 is a high-severity information disclosure vulnerability (CVSS 8.6, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N) affecting Brightpick Mission Control software, associated with CWE-523. The flaw allows unauthenticated users to access device telemetry, configuration, and credential information through WebSocket traffic by connecting to a specific URL. This URL is discoverable via basic network scanning techniques, exposing sensitive data without authentication.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation grants access to confidential operational data, including credentials, potentially enabling further reconnaissance, lateral movement, or disruption in environments relying on Brightpick Mission Control for device management.

CISA has published ICS Advisory ICSA-25-317-04 detailing the issue, available at https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04, along with a corresponding CSAF file at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json. Vendor contact information is provided at https://brightpick.ai/contact-us/ for mitigation guidance and patches.

Details

CWE(s)
CWE-523

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1589.001 Credentials Reconnaissance
Adversaries may gather credentials that can be used during targeting.
attack.mitre.org →
T1592.004 Client Configurations Reconnaissance
Adversaries may gather information about the victim's client configurations that can be used during targeting.
attack.mitre.org →
Why these techniques?

Unauthenticated exposure of credentials, device configurations, and telemetry via public-facing WebSocket enables T1190 exploitation and directly facilitates pre-compromise reconnaissance of victim credentials (T1589.001) and client configurations (T1592.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References