PT-2025-19988 · Crestron · Crestron Automate Vx
Published
2025-05-06
·
Updated
2025-05-06
·
CVE-2025-47417
CVSS v4.0
5.1
Medium
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Crestron Automate VX versions 5.6.8161.21536 through 6.4.0.49
Description
The issue allows exposure of sensitive information to an unauthorized actor, enabling functionality misuse. When the
Enable Debug Images feature in Crestron Automate VX is active, snapshots of captured video or portions thereof are stored locally on the system without any visible indication.Recommendations
For Crestron Automate VX versions 5.6.8161.21536 through 6.4.0.49, consider disabling the
Enable Debug Images feature to prevent unauthorized access to sensitive information until a patch is available.Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Crestron Automate Vx