{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90733?format=json","vulnerability_id":"VCID-wa14-xed5-z3be","summary":"The Brightpick Internal Logic Control web interface is accessible \nwithout requiring user authentication. An unauthorized user could \nexploit this interface to manipulate robot control functions, including \ninitiating or halting runners, assigning jobs, clearing stations, and \ndeploying storage totes.","aliases":[{"alias":"CVE-2025-64307"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64307","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15566","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15685","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15717","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15704","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64307"},{"reference_url":"https://brightpick.ai/contact-us/","reference_id":"contact-us","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T16:51:23Z/"}],"url":"https://brightpick.ai/contact-us/"},{"reference_url":"https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04","reference_id":"icsa-25-317-04","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T16:51:23Z/"}],"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04"},{"reference_url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json","reference_id":"icsa-25-317-04.json","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T16:51:23Z/"}],"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json"}],"weaknesses":[{"cwe_id":306,"name":"Missing Authentication for Critical Function","description":"The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources."}],"exploits":[],"severity_range_score":"6.5 - 7.1","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wa14-xed5-z3be"}