CVE-2025-41109— Use of Hard-coded Credentials vulnerability in Ghost Robotics' Vision 60
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-41109
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use of Hard-coded Credentials vulnerability in Ghost Robotics' Vision 60
Source: NVD (National Vulnerability Database)
Vulnerability Description
Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors and a USB Type-C port. The vulnerability is due to the lack of authentication mechanisms when establishing connections through these ports. Specifically, with regard to network connectivity, the robot's internal router automatically assigns IP addresses to any device physically connected to it. An attacker could connect a WiFi access point under their control to gain access to the robot's network without needing the credentials for the deployed network. Once inside, the attacker can monitor all its data, as the robot runs on ROS 2 without authentication by default.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用硬编码的凭证
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ghost Robotics Vision 60 信任管理问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ghost Robotics Vision 60是美国Ghost Robotics公司的一款四足地面机器人。 Ghost Robotics Vision 60 v0.27.2版本存在信任管理问题漏洞,该漏洞源于物理接口缺乏身份验证机制,可能导致攻击者通过连接WiFi接入点访问机器人网络并监控所有数据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Ghost Robotics | Vision 60 | 0.27.2 | - |
II. Public POCs for CVE-2025-41109
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-41109
请登录查看更多情报信息。
Same Patch Batch · Ghost Robotics · 2025-10-22 · 3 CVEs total
| CVE-2025-41108 | Improper Authentication vulnerability in Ghost Robotics' Vision 60 | |
| CVE-2025-41110 | Improper Authentication vulnerability in Ghost Robotics' Vision 60 |
IV. Related Vulnerabilities
Same weakness: CWE-798
- CVE-2026-7414
Hardcoded credentials in Yarbo robot firmware - CVE-2026-8032
PicoTronica e-Clinic Healthcare System ECHS echs.js hard-cod - CVE-2026-32834
Easy PayPal Events & Tickets 1.3 Authentication Bypass via Q - CVE-2026-42376
D-Link DIR-456U A1 Hardcoded Telnet Backdoor Credentials - CVE-2026-42375
D-Link DIR-600L A1 Hardcoded Telnet Backdoor Credentials
V. Comments for CVE-2025-41109
No comments yet