{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T00:01:13.191","vulnerabilities":[{"cve":{"id":"CVE-2025-47418","sourceIdentifier":"25b0b659-c4b4-483f-aecb-067757d23ef3","published":"2025-05-06T21:16:20.737","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse.\n\nThere is no visible indication when the system is recording and recording can be enabled remotely via a network API. \nThis issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49."},{"lang":"es","value":"La vulnerabilidad de exposición de información confidencial a un agente no autorizado en Crestron Automate VX permite el uso indebido de la funcionalidad. No hay ninguna indicación visible cuando el sistema está grabando, y la grabación se puede habilitar remotamente mediante una API de red. Este problema afecta a Automate VX desde la versión 5.6.8161.21536 hasta la 6.4.0.49."}],"metrics":{"cvssMetricV40":[{"source":"25b0b659-c4b4-483f-aecb-067757d23ef3","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"25b0b659-c4b4-483f-aecb-067757d23ef3","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://security.crestron.com/","source":"25b0b659-c4b4-483f-aecb-067757d23ef3"},{"url":"https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8","source":"25b0b659-c4b4-483f-aecb-067757d23ef3"},{"url":"https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf","source":"25b0b659-c4b4-483f-aecb-067757d23ef3"}]}}]}