CVE-2025-41110 – Encrypted WiFi and SSH credentials are exposed ... (How to Fix)

Q: What is the severity of CVE-2025-41110?

CVE-2025-41110 has a CVSS score of 8.8 (HIGH). Encrypted WiFi and SSH credentials are exposed in the Ghost Robotics Vision 60 APK, allowing attackers to connect to the robot's WiFi network and gain full SSH access. This affects users of Ghost Robotics Vision 60 robots running vulnerable software, potentially enabling physical damage to the robot or its surroundings.

📋 TL;DR

Encrypted WiFi and SSH credentials are exposed in the Ghost Robotics Vision 60 APK, allowing attackers to connect to the robot's WiFi network and gain full SSH access. This affects users of Ghost Robotics Vision 60 robots running vulnerable software, potentially enabling physical damage to the robot or its surroundings.

💻 Affected Systems

Products:

Ghost Robotics Vision 60

Versions: v0.27.2 APK

Operating Systems: Android (APK)

Default Config Vulnerable: ⚠️ Yes

Notes: ROS 2 runs without default authentication, exacerbating the credential exposure issue.

📦 What is this software?

Vision 60 Firmware by Ghostrobotics

View all CVEs affecting Vision 60 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains full control of the robot, causing physical damage to the robot itself or injuring people in its environment through malicious movement or manipulation.

🟠

Likely Case

Unauthorized access to robot's data and control systems, enabling surveillance, data theft, or disruption of operations.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing unauthorized connections.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Attack requires extracting credentials from APK and connecting to robot's WiFi network.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ghost-robotics-vision-60

Restart Required: No

Instructions:

1. Contact Ghost Robotics for updated APK. 2. Remove old APK from devices. 3. Install updated version. 4. Change all WiFi and SSH credentials.

🔧 Temporary Workarounds

Network Isolation

all

Isolate robot WiFi network from other networks using VLANs or physical separation

Credential Rotation

linux

Change all WiFi and SSH credentials immediately

ssh user@robot_ip
passwd
configure new WiFi credentials via robot interface

🧯 If You Can't Patch

Disable robot WiFi and use wired connections only
Implement strict network access controls and monitoring for unauthorized connections

🔍 How to Verify

Check if Vulnerable:

Check APK version on connected devices - if v0.27.2, system is vulnerable

Check Version:

Check APK version in Android settings or app info

Verify Fix Applied:

Verify new APK version is installed and test that old credentials no longer work

📡 Detection & Monitoring

Log Indicators:

Unauthorized SSH login attempts
Unknown devices connecting to robot WiFi
ROS 2 authentication failures

Network Indicators:

Unexpected SSH connections to robot IP
Unauthorized devices on robot WiFi network

SIEM Query:

source="robot_logs" AND (event="ssh_failed_login" OR event="wifi_unknown_device")

📊 Metadata

CVE ID: CVE-2025-41110

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-287

EPSS Score: 0.04% exploit probability (10.7th percentile)

Published: October 22, 2025

Last Updated: October 30, 2025

🔗 References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ghost-robotics-vision-60 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-41110, you might also want to check these: