How severe is CVE-2025-64309?

CVE-2025-64309 has a CVSS v3 score of 8.6 (HIGH).

CVE-2025-64309

8.6HIGH

Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthentica

Published: 11/15/2025Updated: 11/18/2025

Description

Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques.

AI AnalysisPowered by AI

References

https://brightpick.ai/contact-us/
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json
https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04