Back to Explorer

CVE-2025-68273

PUBLISHED
1/1/2026 a0819718-46f1-4df5-94e2-005712e83aaa

Technical Description

Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and installed analyzer tools. This exposure facilitates reconnaissance for further attacks. Version 2.19.0 patches the issue.

Affected Products

SignalK
signalk-server
< 2.19.0

References

https://github.com/SignalK/signalk-server/security/advisories/GHSA-fpf5-w967-rr2m
https://github.com/SignalK/signalk-server/security/advisories/GHSA-fpf5-w967-rr2m
https://github.com/SignalK/signalk-server/releases/tag/v2.19.0
https://github.com/SignalK/signalk-server/releases/tag/v2.19.0
5.3 CVSS v3.1
MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Analysis

Attack Vector Network
Attack Complexity Low
Privileges Required None