PT-2025-43059 · Ghost Robotics · Ghost Robotics Vision 60

Published: 2025-10-22 · Updated: 2025-10-22 · CVE-2025-41108

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ghost Robotics Vision 60 version 0.27.2

Description

The communication protocol in the software could allow an attacker to send commands to the robot, impersonating the control station and gaining unauthorized full control. The lack of encryption and authentication in the communication protocol allows an attacker to capture and replicate legitimate traffic, sending any valid command to the robot via Wi-Fi or 4G/LTE connections. The protocol is based on MAVLink, a widely documented protocol, which may increase the likelihood of attack.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2025-41108

Affected Products

Ghost Robotics Vision 60