Vulnerability Description
Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and installed analyzer tools. This exposure facilitates reconnaissance for further attacks. Version 2.19.0 patches the issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Signalk | Signal K Server | < 2.19.0 |
Related Weaknesses (CWE)
References
- https://github.com/SignalK/signalk-server/releases/tag/v2.19.0 (Release Notes)
- https://github.com/SignalK/signalk-server/security/advisories/GHSA-fpf5-w967-rr2 (Exploit, Vendor Advisory)
FAQ
What is CVE-2025-68273?
CVE-2025-68273 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive ...
How severe is CVE-2025-68273?
CVE-2025-68273 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-68273?
Check the references section above for vendor advisories and patch information. Affected products include: Signalk Signal K Server.