CVE-2025-54970
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-27
Last updated on: 2025-10-31
Assigner: MITRE
Description
Description
An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| baesystems | socet_gxp | to 4.6.0.2 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in BAE SOCET GXP versions before 4.6.0.2, where the Job Status Service does not properly authenticate requests. This flaw can allow remote or local users to abort jobs or access job information without having the necessary permissions of the job owner.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing unauthorized users to interrupt ongoing jobs or access sensitive job information that they should not have permission to see. This could lead to disruption of operations and potential exposure of confidential data.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70