CVE-2025-64308
BaseFortify
Publication date: 2025-11-15
Last updated on: 2025-11-15
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| brightpick | mission_control | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-523 | Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Brightpick Mission Control web application exposing hardcoded credentials within its client-side JavaScript bundle. This means that sensitive login information is embedded directly in the code that is sent to users' browsers, making it accessible to anyone who inspects the web application's code.
How can this vulnerability impact me? :
The exposure of hardcoded credentials can allow unauthorized attackers to gain access to the application or its backend systems without needing to bypass authentication. This can lead to unauthorized access, data breaches, and potential compromise of sensitive information or system control.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
Exposing hardcoded credentials increases the risk of unauthorized access to sensitive data, which can lead to violations of data protection regulations such as GDPR and HIPAA. Organizations may face compliance issues, legal penalties, and reputational damage if such vulnerabilities lead to data breaches involving personal or protected health information.