{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-64308", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2025-10-29T17:40:55.209Z", "datePublished": "2025-11-14T23:38:48.467Z", "dateUpdated": "2026-06-25T22:17:51.017Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-06-25T22:17:51.017Z"}, "title": "Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-523", "description": "CWE-523", "type": "CWE"}]}], "affected": [{"vendor": "Brightpick AI", "product": "Brightpick Mission Control / Internal Logic Control", "versions": [{"status": "affected", "version": "0", "lessThan": "1.67.0", "versionType": "custom"}, {"status": "unaffected", "version": "1.67.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div><div>The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal.</div></div>"}]}], "references": [{"url": "https://brightpick.ai/contact-us/"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.1, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}}], "workarounds": [{"lang": "en", "value": "Users of the affected products are encouraged to contact Brightpick AI https://brightpick.ai/contact-us/ for additional information.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div><div>Users of the affected products are encouraged to contact Brightpick AI <a href=\"https://brightpick.ai/contact-us/\">https://brightpick.ai/contact-us/</a> for additional information.</div></div>"}]}], "solutions": [{"lang": "en", "value": "Brightpick AI has updated their backend in Mission Control to release 1.67.0 to mitigate these vulnerabilities as of February 04, 2026. Users running Mission Control 1.67.0 or later are mitigated.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div><div>Brightpick AI has updated their backend in Mission Control to release 1.67.0 to mitigate these vulnerabilities as of February 04, 2026. Users running Mission Control 1.67.0 or later are mitigated.</div></div>"}]}], "credits": [{"lang": "en", "value": "Souvik Kandar reported these vulnerabilities to CISA.", "type": "finder"}], "source": {"advisory": "ICSA-25-317-04", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-17T16:58:27.359339Z", "id": "CVE-2025-64308", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-17T16:58:32.428Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-64308", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-17T16:58:27.359339Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-17T16:52:34.090Z"}}], "cna": {"title": "Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials", "source": {"advisory": "ICSA-25-317-04", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Souvik Kandar reported these vulnerabilities to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Brightpick AI", "product": "Brightpick Mission Control / Internal Logic Control", "versions": [{"status": "affected", "version": "0", "lessThan": "1.67.0", "versionType": "custom"}, {"status": "unaffected", "version": "1.67.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Brightpick AI has updated their backend in Mission Control to release 1.67.0 to mitigate these vulnerabilities as of February 04, 2026. Users running Mission Control 1.67.0 or later are mitigated.", "supportingMedia": [{"type": "text/html", "value": "<div><div>Brightpick AI has updated their backend in Mission Control to release 1.67.0 to mitigate these vulnerabilities as of February 04, 2026. Users running Mission Control 1.67.0 or later are mitigated.</div></div>", "base64": false}]}], "references": [{"url": "https://brightpick.ai/contact-us/"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json"}], "workarounds": [{"lang": "en", "value": "Users of the affected products are encouraged to contact Brightpick AI https://brightpick.ai/contact-us/ for additional information.", "supportingMedia": [{"type": "text/html", "value": "<div><div>Users of the affected products are encouraged to contact Brightpick AI <a href=\"https://brightpick.ai/contact-us/\">https://brightpick.ai/contact-us/</a> for additional information.</div></div>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal.", "supportingMedia": [{"type": "text/html", "value": "<div><div>The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal.</div></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-523", "description": "CWE-523"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-06-25T22:17:51.017Z"}}}, "cveMetadata": {"cveId": "CVE-2025-64308", "state": "PUBLISHED", "dateUpdated": "2026-06-25T22:17:51.017Z", "dateReserved": "2025-10-29T17:40:55.209Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2025-11-14T23:38:48.467Z", "assignerShortName": "icscert"}, "dataVersion": "5.2"}

{"affected": [{"affectedData": [{"defaultStatus": "unaffected", "product": "Brightpick Mission Control / Internal Logic Control", "vendor": "Brightpick AI", "versions": [{"status": "affected", "version": "All versions"}]}], "source": "ics-cert@hq.dhs.gov"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle."}], "id": "CVE-2025-64308", "lastModified": "2026-06-17T09:54:11.013", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-64308", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "partial"}], "role": "CISA Coordinator", "timestamp": "2025-11-17T16:58:27.359339Z", "version": "2.0.3"}}]}, "published": "2025-11-15T00:15:47.893", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://brightpick.ai/contact-us/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-523"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}

{"created": "2025-11-15T22:07:29.193540+00:00", "updated": "2025-11-15T22:07:29.193574+00:00", "vendors": ["brightpick_ai", "brightpick_ai$PRODUCT$mission_control"]}