PT-2025-19989 · Crestron · Crestron Automate Vx
Published: 2025-05-06 · Updated: 2025-05-06 · CVE-2025-47418
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Crestron Automate VX versions 5.6.8161.21536 through 6.4.0.49
Description
The issue allows for the exposure of sensitive information to an unauthorized actor, enabling functionality misuse. There is no visible indication when the system is recording, and recording can be enabled remotely via a network API.
Recommendations
For Crestron Automate VX versions 5.6.8161.21536 through 6.4.0.49, update to a version that addresses this issue to prevent unauthorized access and recording. As a temporary workaround, consider restricting access to the network API to minimize the risk of exploitation.
Fix
Information Disclosure
Affected Products
Crestron Automate Vx