CVE-2025-68273 MEDIUM

CVE-2025-68273: Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints

Vendor Signalk
Product signalk-server
Weakness CWE-200 · Info exposure
Published January 1, 2026
Last update January 2, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and installed analyzer tools. This exposure facilitates reconnaissance for further attacks. Version 2.19.0 patches the issue.

Key dates

02 Disclosure timeline

January 1, 2026 CVE published
January 2, 2026 Record updated