Command Injection Vulnerability in Ghost Robotics Vision 60 by Ghost Robotics
CVE-2025-41108

9.2 CRITICAL

Key Information:

Status
Vendor
CVE Published: 22 October 2025

What is CVE-2025-41108?

Ghost Robotics Vision 60 version 0.27.2 uses an insecure communication protocol that allows attackers to manipulate commands sent to the robot. By exploiting this weakness, an attacker can impersonate the control tablet and gain unauthorized access, leading to full control of the robotic system. Because the protocol lacks encryption and authentication, legitimate traffic can be intercepted and then replicated to issue any valid command. The risk is heightened by the use of the widely understood MAVLink protocol, so users should strengthen their security measures, especially when using Wi-Fi and 4G/LTE connectivity.

Affected Version(s)

Vision 60 0.27.2

CVSS V4

Score: 9.2
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Adrián Campazas Vega
Claudia Álvarez Aparicio
Pedro Cabrera Cámara
Miguel Gallego Vara
Javier Valero Martí