<ciso brief/>
Tag Banner

All news with #brightpick ai tag

all tags →

Thu, November 13, 2025

Brightpick Mission Control and Internal Logic Control Flaws

#Security Advisory #Hardcoded Secrets #Insecure Defaults #IAM #Brightpick AI

⚠️ CISA published an advisory on November 13, 2025, warning that Brightpick AI devices — Mission Control and Internal Logic Control — contain multiple high-severity weaknesses that are remotely exploitable. Tracked as CVE-2025-64307, CVE-2025-64308, and CVE-2025-64309, the issues include missing authentication, hardcoded credentials in client-side JavaScript, and an unauthenticated WebSocket endpoint. Calculated scores reach up to CVSS v4 8.7, and CISA advises isolating affected systems, minimizing network exposure, and using secure remote access while conducting impact assessments.

read more →