CVE-2025-64308
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk14th percentile - higher than 14% of all known CVEs
Summary
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal.
Risk Assessment
An attacker could use these credentials to gain unauthorized access to the documentation portal, potentially leading to leakage of sensitive information or further attacks on the infrastructure.
Recommendation
Immediately remove the hardcoded credentials from the client-side JavaScript code and replace them with a secure authentication mechanism, such as temporary tokens or OAuth.
Original NVD description (English source)
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal.

