Information Disclosure Vulnerability in Signal K Server by Signal K
CVE-2025-68273

5.3MEDIUM

Key Information:

Vendor: Signalk
Status: Signalk-server
Vendor: CVE Published:; 1 January 2026

What is CVE-2025-68273?

Signal K Server, an application crucial for marine hubs, contains an unauthenticated information disclosure vulnerability in versions prior to 2.19.0. This flaw allows unauthorized users to access sensitive system data, including the complete Signal K data schema, details about connected serial devices, and installed analyzer tools. Such exposure could serve as a reconnaissance tool for potential attackers, underscoring the importance of upgrading to version 2.19.0, which addresses this security concern.

Affected Version(s)

signalk-server < 2.19.0

References

https://github.com/SignalK/signalk-server/security/adviso...

x_refsource_CONFIRM

https://github.com/SignalK/signalk-server/releases/tag/v2...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 1, 2026
Vulnerability Reserved
Dec 16, 2025

CVE-2025-68273 Data

JSON

Signalk

What is CVE-2025-68273?

Affected Version(s)

References

CVSS V3.1

Timeline