CVE Catalog

CVE-2025-64307

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile - higher than 12% of all known CVEs

Summary

The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes.

Risk Assessment

Lack of authentication in the robot control interface poses a risk of unauthorized takeover of logistics processes, potentially leading to operational disruptions, equipment damage, or data theft.

Recommendation

Immediately implement authentication for the Brightpick Internal Logic Control web interface and restrict access to authorized users only via VPN or access control lists (ACLs).

Original NVD description (English source)

The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS