Command Injection Vulnerability in MiR Software by Mobile Industrial Robots
CVE-2025-8748

8.8HIGH

Key Information:

Vendor: Mobile Industrial Robots
Status: Mir Robots; Mir Fleet
Vendor: CVE Published:; 8 August 2025

🔔 Create Mobile Industrial Robots Vulnerability Alert

What is CVE-2025-8748?

A command injection vulnerability exists in MiR software versions prior to 3.0.0, allowing an authenticated user to send a specifically crafted HTTP request. This request could lead to the execution of arbitrary commands on the underlying operating system, potentially compromising system integrity and security. Organizations utilizing these vulnerable versions should prioritize upgrading to mitigate these security risks.

Affected Version(s)

MiR Fleet 0 < 3.0.0

MiR Robots 0 < 3.0.0

References

https://a.storyblok.com/f/230581/x/16eefc00b8/msa-16.pdf

vendor-advisory

https://supportportal.mobile-industrial-robots.com/docume...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 8, 2025
Vulnerability Reserved
Aug 8, 2025

Credit

Lockheed Martin Red Team