CVE-2025-54963
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-23

Last updated on: 2025-10-28

Assigner: MITRE

Description
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may submit a crafted job request that grants read access to files on the filesystem with the permissions of the GXP Job Service process. The path to a file is not sanitized for directory traversal, potentially allowing an attacker to read sensitive files in some configurations.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-23
Last Modified
2025-10-28
Generated
2026-06-16
AI Q&A
2025-10-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-54963
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
baesystems socet_gxp to 4.6.0.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a path traversal issue in the SOCET GXP Job Service of BAE Systems' SOCET GXP software (versions before 4.6.0.2). An attacker who can interact with the Job Service can submit a crafted job request specifying a log file path that is not properly sanitized. This allows the attacker to read arbitrary files on the filesystem with the permissions of the Job Service process, potentially exposing sensitive files. [1]

Impact Analysis

If exploited, this vulnerability can allow an attacker to read sensitive files on the system where the SOCET GXP Job Service is running. The attacker gains read access with the permissions of the Job Service process, which may expose confidential or critical information, leading to data leakage or unauthorized information disclosure. [1]

Detection Guidance

Detection can involve monitoring for unusual job submissions to the SOCET GXP Job Service that specify unexpected log file paths, especially those attempting directory traversal. Network monitoring for connections to the Job Service ports may also help identify exploitation attempts. Specific commands are not provided in the resources, but checking open ports related to the Job Service and reviewing job request logs for suspicious file paths is recommended. [1]

Mitigation Strategies

Immediate mitigation steps include updating SOCET GXP to version 4.6.0.2, which disables network access for the Job Service by default. If updating is not immediately possible, restrict network access by removing allowed IP addresses from the Job Service configuration or block the Job Service ports using Windows Firewall. Assistance can be obtained through Customer Technical Support. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-54963. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart