CVE Catalog

CVE-2025-64308

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile - higher than 14% of all known CVEs

Summary

The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal.

Risk Assessment

An attacker could use these credentials to gain unauthorized access to the documentation portal, potentially leading to leakage of sensitive information or further attacks on the infrastructure.

Recommendation

Immediately remove the hardcoded credentials from the client-side JavaScript code and replace them with a secure authentication mechanism, such as temporary tokens or OAuth.

Original NVD description (English source)

The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS