Cyber Posture

CVE-2025-54968

High

Published: 27 October 2025

Modified: 31 October 2025
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0019 (40.9th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-54968 is a high-severity Improper Access Control (CWE-284) vulnerability in BAE Systems SOCET GXP. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks at the 40.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Directly prohibits permitted actions without identification or authentication on the SOCET GXP Job Service, addressing the lack of required authentication for job submission.

prevent: Enforces approved authorizations to block unauthorized remote or local job submissions to the Job Service.

prevent: Limits privileges of jobs executed via the vulnerable service to mitigate privilege escalation when running under other users' permissions.

MITRE ATT&CK Enterprise Techniques

T1210 Exploitation of Remote Services (Tactic: Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

The improper access control in SOCET GXP Job Service allows network-based unauthorized job submission without authentication, enabling exploitation of remote services (T1210) for arbitrary code execution and potential privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Service does not require authentication. In some configurations, this may allow remote users to submit jobs, or local users to submit jobs that will execute with the permissions of other users.

Deeper analysis

CVE-2025-54968 is an improper access control vulnerability (CWE-284) in BAE SOCET GXP versions prior to 4.6.0.2, specifically affecting the SOCET GXP Job Service, which does not require authentication. This flaw has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity: it is exploitable over the network with low attack complexity and low privileges required, with high impact on confidentiality, integrity, and availability.

Attackers with low privileges can exploit this vulnerability over the network with no user interaction. In certain configurations, remote users may submit jobs directly, while local users can submit jobs that execute under the permissions of other users, potentially allowing privilege escalation, arbitrary code execution, or unauthorized access to system resources.

Advisories reference the BAE Systems Geospatial Exploitation Products page and a dedicated SOCET GXP vulnerabilities disclosure section at https://www.geospatialexploitationproducts.com/content/socet-gxp/vulnerabilities-disclosure/#cve-2025-54968, which detail the issue in versions before 4.6.0.2. Mitigation involves upgrading to SOCET GXP 4.6.0.2 or later to enforce proper authentication on the Job Service.

Details

CWE(s)

Affected Products

baesystems · socet gxp · ≤ 4.6.0.2

CVEs Like This One

CVE-2025-54964 · Same product: BAE Systems SOCET GXP
CVE-2026-21667 · Shared CWE-284
CVE-2025-48983 · Shared CWE-284
CVE-2026-21982 · Shared CWE-284
CVE-2026-21262 · Shared CWE-284
CVE-2025-63409 · Shared CWE-284
CVE-2025-54914 · Shared CWE-284
CVE-2025-21359 · Shared CWE-284
CVE-2025-24042 · Shared CWE-284
CVE-2026-2311 · Shared CWE-284
