CVE-2025-47417

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. When Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible indication that this is being done. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.

CVSS

No CVSS.

References

Link	Resource
https://security.crestron.com
https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8
https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf

Configurations

No configuration.

History

07 May 2025, 14:13

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de exposición de información sensible a un actor no autorizado en Crestron Automate VX permite el uso indebido de la funcionalidad. Cuando la opción "Habilitar imágenes de depuración" en Crestron Automate VX está activa, las instantáneas del vídeo capturado o fragmentos del mismo se almacenan localmente en el sistema, sin que haya indicios visibles de que esto ocurra. Este problema afecta a Automate VX desde la versión 5.6.8161.21536 hasta la 6.4.0.49.

06 May 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-06 20:15

Updated : 2025-05-07 14:13

NVD link : CVE-2025-47417

Mitre link : CVE-2025-47417

CVE.ORG link : CVE-2025-47417

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2025-47417", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "25b0b659-c4b4-483f-aecb-067757d23ef3", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-06T20:15:27.333", "references": [{"url": "https://security.crestron.com", "source": "25b0b659-c4b4-483f-aecb-067757d23ef3"}, {"url": "https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8", "source": "25b0b659-c4b4-483f-aecb-067757d23ef3"}, {"url": "https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf", "source": "25b0b659-c4b4-483f-aecb-067757d23ef3"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "25b0b659-c4b4-483f-aecb-067757d23ef3", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse.\n\n\n\nWhen Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible indication that this is being done.\n\n\nThis issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49."}, {"lang": "es", "value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n sensible a un actor no autorizado en Crestron Automate VX permite el uso indebido de la funcionalidad. Cuando la opci\u00f3n \"Habilitar im\u00e1genes de depuraci\u00f3n\" en Crestron Automate VX est\u00e1 activa, las instant\u00e1neas del v\u00eddeo capturado o fragmentos del mismo se almacenan localmente en el sistema, sin que haya indicios visibles de que esto ocurra. Este problema afecta a Automate VX desde la versi\u00f3n 5.6.8161.21536 hasta la 6.4.0.49."}], "lastModified": "2025-05-07T14:13:20.483", "sourceIdentifier": "25b0b659-c4b4-483f-aecb-067757d23ef3"}