{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T00:46:58.690","vulnerabilities":[{"cve":{"id":"CVE-2025-47417","sourceIdentifier":"25b0b659-c4b4-483f-aecb-067757d23ef3","published":"2025-05-06T20:15:27.333","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse.\n\n\n\nWhen Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible indication that this is being done.\n\n\nThis issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49."},{"lang":"es","value":"Vulnerabilidad de exposición de información sensible a un actor no autorizado en Crestron Automate VX permite el uso indebido de la funcionalidad. Cuando la opción \"Habilitar imágenes de depuración\" en Crestron Automate VX está activa, las instantáneas del vídeo capturado o fragmentos del mismo se almacenan localmente en el sistema, sin que haya indicios visibles de que esto ocurra. Este problema afecta a Automate VX desde la versión 5.6.8161.21536 hasta la 6.4.0.49."}],"metrics":{"cvssMetricV40":[{"source":"25b0b659-c4b4-483f-aecb-067757d23ef3","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"25b0b659-c4b4-483f-aecb-067757d23ef3","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://security.crestron.com","source":"25b0b659-c4b4-483f-aecb-067757d23ef3"},{"url":"https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8","source":"25b0b659-c4b4-483f-aecb-067757d23ef3"},{"url":"https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf","source":"25b0b659-c4b4-483f-aecb-067757d23ef3"}]}}]}