CVE-2025-54964

Published: Oct 23, 2025Modified: Oct 28, 2025

8.4

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.5 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may inject arbitrary executables. If the Job Service is configured for local-only access, this may allow for privilege escalation in certain situations. If the Job Service is network accessible, this may allow remote command execution.

Affected (1)

Products: Baesystems: Socet Gxp

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Baesystems Socet Gxp	Before 4.6.0.2

Related CWEs

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

https://www.baesystems.com/en-us/product/geospatial-exploitation-products

Source: cve@mitre.org

Product

https://www.geospatialexploitationproducts.com/content/socet-gxp/vulnerabilities-disclosure/#cve-2025-54964

Source: cve@mitre.org

Vendor Advisory

Timeline

No history available yet.