CVE-2025-41109 — MEDIUM (4.6)

Vulnerability Description

Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors and a USB Type-C port. The vulnerability is due to the lack of authentication mechanisms when establishing connections through these ports. Specifically, with regard to network connectivity, the robot's internal router automatically assigns IP addresses to any device physically connected to it. An attacker could connect a WiFi access point under their control to gain access to the robot's network without needing the credentials for the deployed network. Once inside, the attacker can monitor all its data, as the robot runs on ROS 2 without authentication by default.

CVSS Score

4.6

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ghostrobotics	Vision 60 Firmware	0.27.2
Ghostrobotics	Vision 60	-

Related Weaknesses (CWE)

CWE-798

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ghosThird Party Advisory

FAQ

What is CVE-2025-41109?

CVE-2025-41109 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors and a USB Type-C port. The vulnerability is due to the lack of authentication mechanisms when establishi...

How severe is CVE-2025-41109?

CVE-2025-41109 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-41109?

Check the references section above for vendor advisories and patch information. Affected products include: Ghostrobotics Vision 60 Firmware, Ghostrobotics Vision 60.