CVE-2025-41110HIGH 8.8EPSS p11.7%

CVE-2025-41110CVE-2025-41110

Description

Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vision 60 v0.27.2 APK. This vulnerability allows an attacker to connect to the robot's WiFi and view all its data, as it runs on ROS 2 without default authentication. In addition, the attacker can connect via SSH and gain full control of the robot, which could cause physical damage to the robot itself or its environment.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.21% probability of exploitation · percentile 11.7% · 2026-06-18T12:00:27Z
Published2025-10-22
Last modified2025-10-30

Underlying weaknesses· 2

CWE-287CWE-306

References

  1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ghost-robotics-vision-60

2

TypeTargetConfidenceTier
WeaknessImproper Authenticationcwe-2870%live
WeaknessMissing Authentication for Critical Functioncwe-3060%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-41108
CVE
CVE-2025-65826
CVE
CVE-2025-41656
CVE
CVE-2026-41551
CVE
CVE-2025-54754
CVE
CVE-2025-41648
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.