CVE-2025-54970

6.5 MEDIUM

📋 TL;DR

An authentication bypass vulnerability in BAE SOCET GXP Job Status Service allows unauthorized users to abort jobs or access job information without proper permissions. This affects SOCET GXP installations before version 4.6.0.2. Both remote and local attackers could exploit this depending on configuration.

💻 Affected Systems

Products:
  • BAE Systems SOCET GXP
Versions: All versions before 4.6.0.2
Operating Systems: Windows, Linux (if applicable for SOCET GXP deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the Job Status Service component. Impact varies based on whether service is network-accessible and job sensitivity.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Unauthorized users could disrupt critical geospatial analysis workflows by aborting jobs, potentially causing operational delays or data loss in sensitive military/intelligence operations.

🟠

Likely Case

Unauthorized users accessing job status information they shouldn't see, potentially exposing sensitive geospatial data or operational details.

🟢

If Mitigated

Limited to job status information disclosure and job disruption within controlled environments with proper network segmentation.

🌐 Internet-Facing: MEDIUM - If SOCET GXP is exposed to internet, attackers could disrupt operations, but impact is limited to job control rather than full system compromise.
🏢 Internal Only: HIGH - In internal networks, this allows privilege escalation and unauthorized access to sensitive job information across the organization.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

No authentication required to exploit. Attackers need network access to Job Status Service endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.6.0.2 or later

Vendor Advisory: https://www.geospatialexploitationproducts.com/content/socet-gxp/vulnerabilities-disclosure/#cve-2025-54970

Restart Required: Yes

Instructions:

  1. Download SOCET GXP 4.6.0.2 or later from BAE Systems.
  2. Back up the current installation.
  3. Run the installer with administrative privileges.
  4. Restart SOCET GXP services.
  5. Verify Job Status Service authentication is enabled.

🔧 Temporary Workarounds

Network Access Control

all

Restrict network access to SOCET GXP Job Status Service using firewall rules

# Windows Firewall (PowerShell)
New-NetFirewallRule -DisplayName 'Block SOCET Job Service' -Direction Inbound -LocalPort [PORT] -Protocol TCP -Action Block
# Linux iptables
iptables -A INPUT -p tcp --dport [PORT] -j DROP

Service Isolation

all

Run SOCET GXP in isolated network segment with strict access controls

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate SOCET GXP from untrusted networks
  • Implement additional authentication layer (reverse proxy with auth) in front of Job Status Service
  • Monitor Job Status Service logs for unauthorized access attempts
  • Implement least privilege access controls for SOCET GXP users

🔍 How to Verify

Check if Vulnerable:

Check SOCET GXP version via Help > About. If version is below 4.6.0.2, system is vulnerable. Test by attempting unauthenticated access to Job Status Service endpoint.

Check Version:

In SOCET GXP: Help > About, or check installation directory version files

Verify Fix Applied:

After patching, verify version is 4.6.0.2+. Attempt unauthenticated access to Job Status Service - should receive authentication error.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts to Job Status Service
  • Job abort events from unauthorized users
  • Unusual job status queries from unexpected IPs

Network Indicators:

  • Unencrypted traffic to Job Status Service port
  • Job control commands from unauthorized sources

SIEM Query:

source='socet_gxp_logs' AND (event_type='job_abort' OR event_type='job_query') AND (user='unknown' OR auth_result='failed')
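
The SIEM condition above applied to constructed log lines, as an added example that is not part of the vendor advisory or of SOCET GXP. The key=value log layout, the src_ip field and the 10.0.5.0/24 expected subnet are assumptions; the user/auth_result alternatives are grouped so that failed logins from other log sources do not match.

```python
import ipaddress
from collections import Counter

# Constructed sample events. The key=value layout and the src_ip field are
# assumptions; source, event_type, user and auth_result come from the query.
SAMPLE_LOG = """\
source=socet_gxp_logs event_type=job_query user=analyst1 auth_result=success src_ip=10.0.5.20
source=socet_gxp_logs event_type=job_abort user=unknown auth_result=none src_ip=10.0.9.77
source=socet_gxp_logs event_type=job_query user=unknown auth_result=none src_ip=10.0.9.77
source=socet_gxp_logs event_type=job_query user=analyst2 auth_result=failed src_ip=10.0.5.21
source=vpn_gateway event_type=login user=bob auth_result=failed src_ip=203.0.113.8
source=socet_gxp_logs event_type=job_abort user=analyst1 auth_result=success src_ip=10.0.7.4
"""

# Assumed subnet of workstations allowed to reach the Job Status Service.
EXPECTED_NETS = [ipaddress.ip_network("10.0.5.0/24")]
JOB_EVENTS = {"job_abort", "job_query"}

def parse_events(text):
    """Turn each non-empty key=value line into a dict."""
    events = []
    for line in text.splitlines():
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if fields:
            events.append(fields)
    return events

def is_job_event(ev):
    return ev.get("source") == "socet_gxp_logs" and ev.get("event_type") in JOB_EVENTS

def unauthenticated_job_events(events):
    """Job aborts/queries with no identified user or a failed auth result."""
    return [ev for ev in events if is_job_event(ev)
            and (ev.get("user") == "unknown" or ev.get("auth_result") == "failed")]

def unexpected_sources(events, expected_nets=EXPECTED_NETS):
    """Count job events per source IP that falls outside the expected subnets."""
    hits = Counter()
    for ev in events:
        if not is_job_event(ev) or "src_ip" not in ev:
            continue
        ip = ipaddress.ip_address(ev["src_ip"])
        if not any(ip in net for net in expected_nets):
            hits[ev["src_ip"]] += 1
    return hits

if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print(len(unauthenticated_job_events(evs)), dict(unexpected_sources(evs)))
```

The second check catches the authenticated abort from 10.0.7.4, which the user/auth_result condition alone does not flag.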
