Cyber Posture

CVE-2025-54964

High

Published: 23 October 2025

Published
23 October 2025
Modified
28 October 2025
KEV Added
Patch
CVSS Score 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0022 44.2th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-54964 is a high-severity Command Injection (CWE-77) vulnerability in Baesystems Socet Gxp. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 44.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly prevents command injection by validating and rejecting invalid inputs at GXP Job Service entry points.

SI-2 Flaw Remediation good match
prevent

Mandates timely flaw remediation via patching to version 4.6.0.2, eliminating the command injection vulnerability.

AC-6 Least Privilege partial match
prevent

Limits damage from injected executables by enforcing least privilege on the GXP Job Service process, mitigating privilege escalation.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
attack.mitre.org →
Why these techniques?

The vulnerability enables local privilege escalation via command injection (T1068) and remote command execution if the Job Service is network-accessible (T1210).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may inject arbitrary executables. If the Job Service is configured for local-only access, this may allow for privilege…

more

escalation in certain situations. If the Job Service is network accessible, this may allow remote command execution.

Deeper analysisAI

CVE-2025-54964 is a command injection vulnerability (CWE-77) discovered in BAE SOCET GXP versions prior to 4.6.0.2, specifically affecting the GXP Job Service component. Published on 2025-10-23, it carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts from a low-complexity local attack requiring no privileges or user interaction.

An attacker with the ability to interact with the GXP Job Service can inject arbitrary executables. In configurations limited to local-only access, this may enable privilege escalation under certain conditions. If the Job Service is network accessible, exploitation can result in remote command execution.

Vendor advisories for BAE SOCET GXP, available at https://www.geospatialexploitationproducts.com/content/socet-gxp/vulnerabilities-disclosure/#cve-2025-54964 and https://www.baesystems.com/en-us/product/geospatial-exploitation-products, address the issue in version 4.6.0.2, recommending upgrade to mitigate the vulnerability.

Details

CWE(s)
CWE-77

Affected Products

baesystems
socet gxp
≤ 4.6.0.2

CVEs Like This One

CVE-2025-54968Same product: Baesystems Socet Gxp
CVE-2025-67089Shared CWE-77
CVE-2026-35682Shared CWE-77
CVE-2026-20186Shared CWE-77
CVE-2025-46428Shared CWE-77
CVE-2016-15057Shared CWE-77
CVE-2024-46662Shared CWE-77
CVE-2026-23862Shared CWE-77
CVE-2026-21638Shared CWE-77
CVE-2025-55125Shared CWE-77

References