CVE-2025-47418 MEDIUM

CVE-2025-47418: Recording

Vendor Crestron

Product Automate VX

Weakness CWE-200 · Info exposure

Published May 6, 2025

Last update May 7, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. There is no visible indication when the system is recording and recording can be enabled remotely via a network API. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.

Key dates

02Disclosure timeline

May 6, 2025 CVE published

May 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-47418 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

Identifiers

CVE CVE-2025-47418

CWE CWE-200

CVSS 5.3 / MEDIUM

Affected versions