CVE-2025-9228

Published: Aug 20, 2025Modified: Nov 5, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: 1b7e193f-2525-49a1-b171-84af8827c9eb (Secondary)

Description

MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes, allowing low-privilege users to create notes which are intended only for administrative users.

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://mobile-industrial-robots.com/security-advisories/insufficient-authorization-when-creating-notes

Source: 1b7e193f-2525-49a1-b171-84af8827c9eb

https://supportportal.mobile-industrial-robots.com/documentation/mir-cybersecurity-guide/mir-cybersecurity-guide/

Source: 1b7e193f-2525-49a1-b171-84af8827c9eb

Timeline

No history available yet.