{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2025-64308", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2025-10-29T17:40:55.209Z", "datePublished": "2025-11-14T23:38:48.467Z", "dateUpdated": "2026-06-25T22:17:51.017Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-06-25T22:17:51.017Z" }, "title": "Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials", "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-523", "description": "CWE-523", "type": "CWE" } ] } ], "affected": [ { "vendor": "Brightpick AI", "product": "Brightpick Mission Control / Internal Logic Control", "versions": [ { "status": "affected", "version": "0", "lessThan": "1.67.0", "versionType": "custom" }, { "status": "unaffected", "version": "1.67.0" } ], "defaultStatus": "unaffected" } ], "descriptions": [ { "lang": "en", "value": "The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "