Authentication Flaw in Ghost Robotics Vision 60 by Ghost Robotics
CVE-2025-41109

8.7HIGH

Key Information:

Vendor: Ghost Robotics
Status: Vision 60
Vendor: CVE Published:; 22 October 2025

🔔 Create Ghost Robotics Vulnerability Alert

What is CVE-2025-41109?

The Ghost Robotics Vision 60 version 0.27.2 is vulnerable due to inadequate authentication mechanisms on its physical interfaces, including three RJ45 connectors and a USB Type-C port. This flaw allows an adversary to connect unauthorized devices easily, such as a malicious WiFi access point. The robot's internal router can assign IP addresses to devices indiscriminately. Consequently, an attacker can infiltrate the robot's network without needing correct credentials, granting them the ability to monitor sensitive data processed by the robot, which operates on ROS 2 without default authentication.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Vision 60 0.27.2

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Oct 22, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Adrián Campazas Vega

Claudia Álvarez Aparicio

JSON

Ghost Robotics

What is CVE-2025-41109?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.