PT-2025-43060 · Ghost Robotics · Vision 60

Published: 2025-10-22 · Updated: 2025-10-22 · CVE-2025-41109

CVSS v4.0: 8.7 (High)

Vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Ghost Robotics Vision 60 version 0.27.2

Description

The Ghost Robotics Vision 60 robot, version 0.27.2, lacks authentication mechanisms when establishing connections through its physical interfaces, including three RJ45 connectors and a USB Type-C port. The robot’s internal router automatically assigns IP addresses to devices connected to it, allowing an attacker to connect a WiFi access point under their control and gain access to the robot’s network without credentials. Once inside the network, an attacker can monitor all data transmitted by the robot, as it operates on ROS 2 without default authentication.

Recommendations

Apply authentication mechanisms when establishing connections through the RJ45 connectors and USB Type-C port. Implement network access controls to prevent unauthorized devices from connecting to the robot’s network. Secure the ROS 2 environment with appropriate authentication protocols.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2025-41109

Affected Products

Vision 60