CVE-2025-54970

MEDIUM

BAE SOCET GXP < 4.6.0.2 - Unauthenticated Job Status Service Access

Title source: llm

Description

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner.

References (2)

Core 2

Core References

Product

https://www.baesystems.com/en-us/product/geospatial-exploitation-products

Mitigation, Vendor Advisory

https://www.geospatialexploitationproducts.com/content/socet-gxp/vulnerabilities-disclosure/#cve-2025-54970

Scores

CVSS v3 6.5

EPSS 0.0021

EPSS Percentile 11.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (1)

baesystems/socet_gxp < 4.6.0.2

Published Oct 27, 2025

Tracked Since Feb 18, 2026