CVE-2025-64308
Deferred Deferred - Pending Action

BaseFortify

Vulnerability report for CVE-2025-64308, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-15

Last updated on: 2026-06-25

Assigner: ICS-CERT

Description

The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-15
Last Modified
2026-06-25
Generated
2026-07-06
AI Q&A
2025-11-15
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
brightpick mission_control *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-523 Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves the Brightpick Mission Control web application exposing hardcoded credentials within its client-side JavaScript bundle. This means that sensitive login information is embedded directly in the code that is sent to users' browsers, making it accessible to anyone who inspects the web application's code.

Impact Analysis

The exposure of hardcoded credentials can allow unauthorized attackers to gain access to the application or its backend systems without needing to bypass authentication. This can lead to unauthorized access, data breaches, and potential compromise of sensitive information or system control.

Compliance Impact

Exposing hardcoded credentials increases the risk of unauthorized access to sensitive data, which can lead to violations of data protection regulations such as GDPR and HIPAA. Organizations may face compliance issues, legal penalties, and reputational damage if such vulnerabilities lead to data breaches involving personal or protected health information.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64308. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart