Vendor
Brightpick
Products
2
CVEs
3
Across products
3
Status
Private
Products
2- 2 CVEs
- 1 CVE
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-64309 | Hig | 0.56 | 8.6 | 0.00 | Nov 15, 2025 | Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques. | ||
| CVE-2025-64308 | Hig | 0.49 | 7.5 | 0.00 | Nov 15, 2025 | The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle. | ||
| CVE-2025-64307 | Med | 0.42 | 6.5 | 0.00 | Nov 15, 2025 | The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes. |
- risk 0.56cvss 8.6epss 0.00
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques.
- risk 0.49cvss 7.5epss 0.00
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle.
- risk 0.42cvss 6.5epss 0.00
The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes.