CVE-2025-54964HIGH 8.4EPSS p17.1%

CVE-2025-54964CVE-2025-54964

Description

An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may inject arbitrary executables. If the Job Service is configured for local-only access, this may allow for privilege escalation in certain situations. If the Job Service is network accessible, this may allow remote command execution.

Scoring

CVSS 3.18.4 (HIGH)
VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.26% probability of exploitation · percentile 17.1% · 2026-06-19T12:03:05Z
Published2025-10-23
Last modified2025-10-28

Underlying weaknesses· 1

CWE-77

References

  1. https://www.baesystems.com/en-us/product/geospatial-exploitation-products
  2. https://www.geospatialexploitationproducts.com/content/socet-gxp/vulnerabilities-disclosure/#cve-2025-54964

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in a Command ('Command Injection')cwe-770%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-54968
CVE
CVE-2025-45854
CVE
CVE-2025-25067
CVE
CVE-2025-4992
CVE
CVE-2025-54945
CVE
CVE-2025-65115
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.