CVE 8.7 HIGH

Use of Hard-coded Credentials vulnerability in Ghost Robotics’ Vision 60_CVE-2025-41109

October 22, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors and a USB Type-C port. The vulnerability is due to the lack of authentication mechanisms when establishing connections through these ports. Specifically, with regard to network connectivity, the robot's internal router automatically assigns IP addresses to any device physically connected to it. An attacker could connect a WiFi access point under their control to gain access to the robot's network without needing the credentials for the deployed network. Once inside, the attacker can monitor all its data, as the robot runs on ROS 2 without authentication by default.

AI Analysis

Lack of authentication mechanisms allows unauthorized access to the robot's network through physical interfaces

Basic Information

ID CVE-2025-41109

Source INCIBE

Published Oct 22, 2025 at 08:15

Affected Product

Vendor Ghost Robotics

Product Vision 60

Version 0.27.2

Affected Versions Ghost Robotics Vision 60 0.27.2

CWE Classification

CWE-798

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Ghost Robotics

Product Vision 60

Version 0.27.2

References

www.incibe.es /en/incibe-cert/notices/aviso/multiple-vulnerabilities-ghost-robotics-vision-60

{
    "lastseen": "",
    "description": "Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors and a USB Type-C port. The vulnerability is due to the lack of authentication mechanisms when establishing connections through these ports. Specifically, with regard to network connectivity, the robot's internal router automatically assigns IP addresses to any device physically connected to it. An attacker could connect a WiFi access point under their control to gain access to the robot's network without needing the credentials for the deployed network. Once inside, the attacker can monitor all its data, as the robot runs on ROS 2 without authentication by default.",
    "published": "2025-10-22T08:15:42.407Z",
    "modified": "2025-10-22T08:15:42.407Z",
    "type": "cve",
    "title": "Use of Hard-coded Credentials vulnerability in Ghost Robotics' Vision 60",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ghost-robotics-vision-60",
    "id": "CVE-2025-41109",
    "bulletinFamily": "",
    "cwe": [
        "CWE-798"
    ],
    "cvelist": null,
    "sourceData": "Ghost Robotics Vision 60 0.27.2",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Vision 60",
    "version": "0.27.2",
    "vendor": "Ghost Robotics",
    "ai_description": "Lack of authentication mechanisms allows unauthorized access to the robot's network through physical interfaces",
    "ai_severity": "High",
    "ai_vendor": "Ghost Robotics",
    "ai_product": "Vision 60",
    "ai_version": "0.27.2",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply