exploitDog

CVE-2025-54970

Опубликовано: 27 окт. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner.

Ссылки

https://www.baesystems.com/en-us/product/geospatial-exploitation-products
Product
https://www.geospatialexploitationproducts.com/content/socet-gxp/vulnerabilities-disclosure/#cve-2025-54970
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:baesystems:socet_gxp:*:*:*:*:*:*:*:*

Версия до 4.6.0.2 (исключая)

EPSS

Процентиль: 11%

0.00038

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-284

Связанные уязвимости

GHSA-9jqp-v598-j43c

CVSS3: 6.5

github

3 месяца назад

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner.

EPSS

Процентиль: 11%

0.00038

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-284