CVE-2025-47419
CVE-2025-47419
10.0
CriticalPublished:
Last updated:
Source:25b0b659-c4b4-483f-aecb-067757d23ef3
Deferred
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Network
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- None
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- High
- Availability (Vulnerable)
- High
- Confidentiality (Subsequent)
- High
- Integrity (Subsequent)
- High
- Availability (Subsequent)
- High
Description
Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
References
25b0b659-c4b4-483f-aecb-067757d23ef3
https://security.crestron.com/25b0b659-c4b4-483f-aecb-067757d23ef3
https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-825b0b659-c4b4-483f-aecb-067757d23ef3
https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf