CVE-2025-68273: Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints
An unauthenticated information disclosure vulnerability allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and installed analyzer tools. This exposure facilitates reconnaissance for further attacks.
References
- github.com/SignalK/signalk-server
- github.com/SignalK/signalk-server/commit/ead2a03d8994969cafcca0320abee16f0e66e7a9
- github.com/SignalK/signalk-server/releases/tag/v2.19.0
- github.com/SignalK/signalk-server/security/advisories/GHSA-fpf5-w967-rr2m
- github.com/advisories/GHSA-fpf5-w967-rr2m
- nvd.nist.gov/vuln/detail/CVE-2025-68273