CVE-2025-41109
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-22

Last updated on: 2025-10-31

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description
Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors and a USB Type-C port. The vulnerability is due to the lack of authentication mechanisms when establishing connections through these ports. Specifically, with regard to network connectivity, the robot's internal router automatically assigns IP addresses to any device physically connected to it. An attacker could connect a WiFi access point under their control to gain access to the robot's network without needing the credentials for the deployed network. Once inside, the attacker can monitor all its data, as the robot runs on ROS 2 without authentication by default.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-22
Last Modified
2025-10-31
Generated
2026-06-16
AI Q&A
2025-10-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-41109
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ghostrobotics vision_60_firmware 0.27.2
ghostrobotics vision_60 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Ghost Robotics Vision 60 v0.27.2 arises because the robot's physical interfaces, including three RJ45 connectors and a USB Type-C port, lack authentication mechanisms. The internal router automatically assigns IP addresses to any device physically connected, allowing an attacker to connect a WiFi access point they control without needing network credentials. Once connected, the attacker can access the robot's network and monitor all data, as the robot runs on ROS 2 which does not have authentication enabled by default.

Impact Analysis

An attacker exploiting this vulnerability can gain unauthorized access to the robot's internal network by physically connecting a device. This can lead to data interception and monitoring of all communications within the robot's network, potentially exposing sensitive information or enabling further attacks on the system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-41109. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart