{"cve":{"cve_id":"CVE-2025-64307","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.0022,"epss_percentile":0.12317,"epss_as_of":"2026-06-23","description":"The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes.","published_at":"2025-11-14T23:34:59.659000Z","last_modified_at":null,"cvss_v3_score":6.5,"cvss_v3_vector":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":7.1,"cvss_v4_vector":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N","cvss_v4_severity":"HIGH","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-306"],"nvd_references":["https://brightpick.ai/contact-us/","https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04","https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:28:07.953076Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"A","value_label":"Adjacent"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"N","value_label":"None"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"A","value_label":"Adjacent"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"N","value_label":"None"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"N","value_label":"None"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"brightpick-ai","vendor_name":"Brightpick AI","product_slug":"brightpick-mission-control-internal-logic-control","product_name":"Brightpick Mission Control / Internal Logic Control","version_start":"0","version_start_inclusive":true,"version_end":"1.67.0","version_end_inclusive":false,"cpe23_uri":"cve5:brightpick-ai:brightpick-mission-control-internal-logic-control:0:1.67.0"},{"vendor_slug":"brightpick-ai","vendor_name":"Brightpick AI","product_slug":"brightpick-mission-control-internal-logic-control","product_name":"Brightpick Mission Control / Internal Logic Control","version_start":"1.67.0","version_start_inclusive":true,"version_end":"1.67.0","version_end_inclusive":true,"cpe23_uri":"cve5:brightpick-ai:brightpick-mission-control-internal-logic-control:1.67.0:1.67.0"}],"exploit_refs":[],"news":[],"references":[{"url":"https://brightpick.ai/contact-us/","source_type":"MISC","tags":[]},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2025-11-14T23:34:59.659000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:48:56.386827Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:48:56.386827Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:48:56.386827Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:48:56.386827Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:48:56.386827Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:48:56.386827Z","label":"CVSS score revised","source":"cvelistv5"}]}