CVE-2025-41108

9.8 CRITICAL

📋 TL;DR

CVE-2025-41108 allows attackers to gain full unauthorized control of Ghost Robotics Vision 60 robots by impersonating legitimate control stations. This is possible because the MAVLink-based communication protocol lacks encryption and authentication. Organizations using Ghost Robotics Vision 60 robots for security, military, or industrial applications are affected.

💻 Affected Systems

Products:
  • Ghost Robotics Vision 60
Versions: v0.27.2 and likely earlier versions
Operating Systems: Robot firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using the vulnerable communication protocol are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete takeover of robot allowing physical damage, surveillance, weaponization, or disruption of critical operations.

🟠 Likely Case: Unauthorized movement, data collection, or disruption of robot functions from nearby attackers.

🟢 If Mitigated: Limited impact with proper network segmentation and access controls in place.

🌐 Internet-Facing: HIGH - Attackers can exploit via Wi-Fi or 4G/LTE connections from anywhere.
🏢 Internal Only: HIGH - Even internal attackers can exploit due to lack of authentication.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

MAVLink protocol is well-documented and traffic capture/replay requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ghost-robotics-vision-60

Restart Required: Yes

Instructions:

1. Monitor Ghost Robotics for security updates.
2. Apply firmware patches when available.
3. Restart robots after patching.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate robot control networks from untrusted networks

Disable Remote Connections

all

Disable Wi-Fi and 4G/LTE connectivity when not required

🧯 If You Can't Patch

  • Physically isolate robots in controlled environments
  • Implement strict network access controls and monitor for unauthorized connections

🔍 How to Verify

Check if Vulnerable:

Check whether the robot is running Vision 60 v0.27.2 or earlier and uses the MAVLink protocol without encryption/authentication.

Check Version:

Check the robot firmware version via the control interface or manufacturer documentation.

Verify Fix Applied:

Verify that the firmware version is later than v0.27.2 and that communication uses authenticated/encrypted channels.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized control commands
  • Connection attempts from unknown IPs
  • MAVLink traffic from unexpected sources

Network Indicators:

  • Unencrypted MAVLink traffic on robot control ports
  • Traffic replay patterns
  • Connections from unauthorized networks

SIEM Query:

source_ip NOT IN (authorized_controllers) AND protocol="MAVLink" AND dest_ip IN (robot_ips)
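
The SIEM query and the "unencrypted MAVLink traffic" indicator above can be combined into one check over captured UDP payloads. The following is an added example, not vendor or advisory code: it assumes the robot link uses standard MAVLink 1/2 framing, and the function names, addresses and sample frames are constructed for illustration.

```python
from typing import Optional

V1_STX, V2_STX = 0xFE, 0xFD      # MAVLink 1 / MAVLink 2 start-of-frame markers
IFLAG_SIGNED = 0x01              # MAVLink 2 incompat_flags bit: 13-byte signature appended

def inspect_datagram(payload: bytes) -> Optional[dict]:
    """Parse the first MAVLink frame in a UDP payload; None if it is not one.
    The CRC and the signature value are not verified (that needs the link key)."""
    if len(payload) < 8:
        return None
    stx, plen = payload[0], payload[1]
    if stx == V1_STX and len(payload) >= 6 + plen + 2:
        # v1: STX len seq sysid compid msgid payload crc16 (v1 has no signing)
        return {"version": 1, "sysid": payload[3], "msgid": payload[5], "signed": False}
    if stx == V2_STX:
        # v2: STX len incompat compat seq sysid compid msgid(3, LE) payload crc16 [sig]
        signed = bool(payload[2] & IFLAG_SIGNED)
        if len(payload) >= 10 + plen + 2 + (13 if signed else 0):
            msgid = int.from_bytes(payload[7:10], "little")
            return {"version": 2, "sysid": payload[5], "msgid": msgid, "signed": signed}
    return None

def triage(records, authorized_controllers, robot_ips):
    """records: (src_ip, dst_ip, udp_payload) tuples, e.g. exported from a capture."""
    alerts = []
    for src, dst, payload in records:
        frame = inspect_datagram(payload) if dst in robot_ips else None
        if frame is None:
            continue
        reasons = []
        if src not in authorized_controllers:
            reasons.append("unauthorized-source")
        if not frame["signed"]:
            reasons.append("unsigned-frame")
        if reasons:
            alerts.append((src, frame["version"], frame["msgid"], reasons))
    return alerts

def _v2(msgid: int, signed: bool) -> bytes:   # constructed frame, dummy CRC/signature
    hdr = bytes([V2_STX, 9, IFLAG_SIGNED if signed else 0, 0, 0, 255, 190])
    return hdr + msgid.to_bytes(3, "little") + bytes(9) + b"\x00\x00" + (bytes(13) if signed else b"")

# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = [
    ("192.0.2.10", "192.0.2.50", _v2(0, True)),       # known station, signed HEARTBEAT
    ("192.0.2.10", "192.0.2.50", _v2(76, False)),     # known station, unsigned COMMAND_LONG
    ("198.51.100.7", "192.0.2.50", _v2(76, False)),   # unknown source, unsigned COMMAND_LONG
    ("198.51.100.7", "192.0.2.50", b"not mavlink"),   # ignored: no MAVLink framing
]

if __name__ == "__main__":
    for alert in triage(SAMPLE, {"192.0.2.10"}, {"192.0.2.50"}):
        print(alert)
```

A set signed flag only shows that a signature is present, not that it is valid. If a fix moves the link into an encrypted tunnel, no MAVLink framing will be visible on the wire and this check will report nothing.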
