CVE-2025-64307
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes.
Risk Assessment
Lack of authentication in the robot control interface poses a risk of unauthorized takeover of logistics processes, potentially leading to operational disruptions, equipment damage, or data theft.
Recommendation
Immediately implement authentication for the Brightpick Internal Logic Control web interface and restrict access to authorized users only via VPN or access control lists (ACLs).
Original NVD description (English source)
The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes.

