CVE-2025-64307

high

Description

The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json

https://brightpick.ai/contact-us/

Details

Source: MITRE, NVD

Published: 2025-11-15

Updated: 2025-11-15

Risk Information

CVSS v2

Base Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:C/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: Medium

CVSS v4

Base Score: 7.1

Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00029