CVE-2025-41110
Published 2025-10-22
Priority: P3 · 52 · high
CVSS 3.1: 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.24% (14.8th percentile)
Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vision 60 v0.27.2 APK. This vulnerability allows an attacker to connect to the robot's WiFi and view all its data, as it runs on ROS 2 without default authentication. In addition, the attacker can connect via SSH and gain full control of the robot, which could cause physical damage to the robot itself or its environment.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ghost_robotics | vision_60 | — | — |
| ghostrobotics | vision_60_firmware | — | — |
| msrc | azl3_moby-engine_25.0.3-13_on_azure_linux_3.0 | — | — |
| msrc | azl3_moby-engine_25.0.3-5_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_moby-engine_24.0.9-17_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_moby-engine_24.0.9-7_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 7.0 | HIGH | CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_msrc | | 9.9 | CRITICAL | |
GHSA
GHSA-fxcp-3pwg-xxx2: Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vision 60 v0
ghsa_unreviewed·2025-10-22
CVE-2025-41110 [HIGH] CWE-287 GHSA-fxcp-3pwg-xxx2: Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vision 60 v0
Microsoft
Moby authz zero length regression
vendor_msrc·2024-07-09·CVSS 9.9
CVE-2024-41110 [CRITICAL] CWE-187 Moby authz zero length regression
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
GitHub_M: GitHub_M
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/e
No detection rules found.
No public exploits indexed.
arXiv
Cybersecurity of Teleoperated Quadruped Robots: A Systematic Survey of Vulnerabilities, Threats, and Open Defense Gaps
arxiv_fulltext·2026-02-26
Mohammad Sabouri (ORCID 0000-0002-2568-3253)
Department of Informatics, Bioengineering, Robotics and Systems Engineering (DIBRIS), University of Genoa, Genoa, Italy
## Abstract
Teleoperated quadruped robots are increasingly deployed in
safety-critical missions---industrial inspection, military
reconnaissance, and emergency response---yet the security of
communication and control infrastructure linking operators to
remote platforms remains insufficiently characterized. Quadrupeds
present distinct security challenges arising from dynamic stability
constraints, gait-dependent vulnerability windows, substantial
kinetic energy, and elevated operator cog
arXiv
Cybersecurity audit procedure for autonomous systems: methodology, threats and mitigations
arxiv_fulltext·2025-11-07
## Abstract
The deployment of autonomous systems has grown notably in recent years, driven by their integration into sectors such as industry, medicine, logistics and the home. This expansion comes with a series of security problems that carry high risk because of the criticality of autonomous systems, especially those operating in environments where they interact with humans. In addition, technological progress and the high operational and architectural complexity of autonomous systems result in a larger attack surface. This article presents a specific security audit procedure for autonomous systems, based on a layer-structured methodology, a taxonomy of threat
Published: 2025-10-22