CVE-2025-64307 - CVE Detail - IronMonkey Threat Research

Description

The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes.

CVSS Metrics

Base Score: 6.5 (MEDIUM)

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector	ADJACENT_NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	NONE
Integrity Impact	HIGH
Availability Impact	NONE

Source: [email protected]

Type: Secondary

Exploitability Score: 2.8

Impact Score: 3.6

Base Score: 7.1 (HIGH)

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector	ADJACENT
Attack Complexity	LOW
Attack Requirements	NONE
Privileges Required	NONE
User Interaction	NONE
Vulnerability Confidentiality	NONE
Vulnerability Integrity	HIGH
Vulnerability Availability	NONE
Subsequent Confidentiality	NONE
Subsequent Integrity	NONE
Subsequent Availability	NONE