CVE-2025-41108
published 2025-10-22


Priority P264, critical, CVSS 3.1 score 9.8
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.29% (21.1th percentile)
The communication protocol implemented in Ghost Robotics Vision 60 v0.27.2 could allow an attacker to send commands to the robot from an external attack station, impersonating the control station (tablet) and gaining unauthorised full control of the robot. The absence of encryption and authentication mechanisms in the communication protocol allows an attacker to capture legitimate traffic between the robot and the controller, replicate it, and send any valid command to the robot from any attacking computer or device. The communication protocol used in this interface is based on MAVLink, a widely documented protocol, which increases the likelihood of attack. There are two methods for connecting to the robot remotely: Wi-Fi and 4G/LTE.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
ghost_robotics | vision_60 | |
ghostrobotics | vision_60_firmware | |

Detection & IOCs (extracted from sources)

version: Ghost Robotics Vision 60 v0.27.2
other: MAVLink protocol (unencrypted, unauthenticated)
  • Monitor for replayed or spoofed MAVLink command traffic on Wi-Fi and 4G/LTE interfaces targeting Ghost Robotics Vision 60 robots; absence of encryption/authentication means any valid MAVLink packet from an unexpected source IP should be flagged.
  • Capture and inspect traffic on both Wi-Fi and 4G/LTE interfaces of the Vision 60 for unauthenticated MAVLink command packets originating from hosts other than the registered control station (tablet).
  • Use Wireshark to identify cleartext MAVLink traffic between the robot and controller; any duplicate or out-of-sequence command packets from unexpected sources indicate a replay/impersonation attack.
  • The vulnerability affects the specific firmware version v0.27.2; verify the exact version deployed before applying detections.
  • Attack surface expands significantly when the robot is controlled via an external Android application (APK); a full mobile app security audit (OWASP Mobile Top 10) is required in addition to network-layer controls.

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v4.0 | 9.2 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X