{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2025-64308", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2025-10-29T17:40:55.209Z", "datePublished": "2025-11-14T23:38:48.467Z", "dateUpdated": "2026-06-25T22:17:51.017Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-06-25T22:17:51.017Z" }, "title": "Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials", "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-523", "description": "CWE-523", "type": "CWE" } ] } ], "affected": [ { "vendor": "Brightpick AI", "product": "Brightpick Mission Control / Internal Logic Control", "versions": [ { "status": "affected", "version": "0", "lessThan": "1.67.0", "versionType": "custom" }, { "status": "unaffected", "version": "1.67.0" } ], "defaultStatus": "unaffected" } ], "descriptions": [ { "lang": "en", "value": "The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal.
" } ] } ], "references": [ { "url": "https://brightpick.ai/contact-us/" }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04" }, { "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json" } ], "metrics": [ { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV3_1": { "version": "3.1", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } }, { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV4_0": { "attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.1, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" } } ], "workarounds": [ { "lang": "en", "value": "Users of the affected products are encouraged to contact Brightpick AI https://brightpick.ai/contact-us/ for additional information.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "
Users of the affected products are encouraged to contact Brightpick AI https://brightpick.ai/contact-us/ for additional information.
" } ] } ], "solutions": [ { "lang": "en", "value": "Brightpick AI has updated their backend in Mission Control to release 1.67.0 to mitigate these vulnerabilities as of February 04, 2026. Users running Mission Control 1.67.0 or later are mitigated.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "
Brightpick AI has updated their backend in Mission Control to release 1.67.0 to mitigate these vulnerabilities as of February 04, 2026. Users running Mission Control 1.67.0 or later are mitigated.
" } ] } ], "credits": [ { "lang": "en", "value": "Souvik Kandar reported these vulnerabilities to CISA.", "type": "finder" } ], "source": { "advisory": "ICSA-25-317-04", "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.5.0" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2025-11-17T16:58:27.359339Z", "id": "CVE-2025-64308", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-17T16:58:32.428Z" } } ] } }