CVE-2025-64309
Published: 15 November 2025
Summary
CVE-2025-64309 is a high-severity Unprotected Transport of Credentials (CWE-523) vulnerability in Brightpick Mission Control (inferred from references). Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly identifies and restricts actions performable without identification or authentication, preventing unauthenticated access to the sensitive WebSocket endpoint exposing telemetry, configuration, and credentials.
Enforces approved authorizations and protections for publicly accessible system resources, mitigating exposure of sensitive data via discoverable unauthenticated WebSocket URLs.
Mandates enforcement of access control policies to block unauthorized logical access to sensitive information disclosed over the unauthenticated WebSocket connection.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated exposure of credentials, device configurations, and telemetry via public-facing WebSocket enables T1190 exploitation and directly facilitates pre-compromise reconnaissance of victim credentials (T1589.001) and client configurations (T1592.004).
NVD Description
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques.
Deeper analysisAI
CVE-2025-64309 is a high-severity information disclosure vulnerability (CVSS 8.6, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N) affecting Brightpick Mission Control software, associated with CWE-523. The flaw allows unauthenticated users to access device telemetry, configuration, and credential information through WebSocket traffic by connecting to a specific URL. This URL is discoverable via basic network scanning techniques, exposing sensitive data without authentication.
Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation grants access to confidential operational data, including credentials, potentially enabling further reconnaissance, lateral movement, or disruption in environments relying on Brightpick Mission Control for device management.
CISA has published ICS Advisory ICSA-25-317-04 detailing the issue, available at https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04, along with a corresponding CSAF file at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json. Vendor contact information is provided at https://brightpick.ai/contact-us/ for mitigation guidance and patches.
Details
- CWE(s)