CVE-2025-64308 PUBLISHED

Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials

Assigner: icscert
Reserved: 29.10.2025 Published: 14.11.2025 Updated: 17.11.2025

The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 8.7

Product Status

Vendor Brightpick AI
Product Brightpick Mission Control / Internal Logic Control
Versions Default: unaffected
  • Version All versions is affected

Workarounds

Brightpick AI has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact Brightpick AI https://brightpick.ai/contact-us/ for additional information.

Credits

  • Souvik Kandar reported these vulnerabilities to CISA. finder

References

Problem Types

  • CWE-523 CWE