
    5 vulnerabilities by Mobile Industrial Robots

    CVE-2025-9229 (GCVE-0-2025-9229)

    Vulnerability from cvelistv5 – Published: 2025-08-20 08:36 – Updated: 2025-11-05 12:09
    VLAI
    Title
    Information Disclosure in MiR robots and MiR fleet through verbose error pages
    Summary
    Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    TRO
    Impacted products
    Credits
    Lockheed Martin Red Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9229",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-20T15:22:09.195431Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-20T15:22:18.229Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MiR Robots",
              "vendor": "Mobile Industrial Robots",
              "versions": [
                {
                  "lessThan": "3.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MiR Fleet",
              "vendor": "Mobile Industrial Robots",
              "versions": [
                {
                  "lessThan": "3.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Lockheed Martin Red Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages."
                }
              ],
              "value": "Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-212",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-212 Functionality Misuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-05T12:09:23.900Z",
            "orgId": "1b7e193f-2525-49a1-b171-84af8827c9eb",
            "shortName": "TRO"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mobile-industrial-robots.com/security-advisories/information-disclosure"
            },
            {
              "url": "https://supportportal.mobile-industrial-robots.com/documentation/mir-cybersecurity-guide/mir-cybersecurity-guide/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to the newest software version, at least version 3.0.0\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update to the newest software version, at least version 3.0.0"
            }
          ],
          "source": {
            "advisory": "MSA-17",
            "discovery": "EXTERNAL"
          },
          "title": "Information Disclosure in MiR robots and MiR fleet through verbose error pages",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eIf you cannot immediately update to the recommended version, we recommend the following compensating \nmeasures:\u003c/div\u003e\u003cdiv\u003e1. Operate the MiR system in a segmented and secured network with strict firewall rules\u003c/div\u003e\u003cdiv\u003e2. Secure user accounts on the MiR system as recommended in the MiR Cybersecurity Guide\n\n\n\u003c/div\u003e"
                }
              ],
              "value": "If you cannot immediately update to the recommended version, we recommend the following compensating \nmeasures:\n\n1. Operate the MiR system in a segmented and secured network with strict firewall rules\n\n2. Secure user accounts on the MiR system as recommended in the MiR Cybersecurity Guide"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1b7e193f-2525-49a1-b171-84af8827c9eb",
        "assignerShortName": "TRO",
        "cveId": "CVE-2025-9229",
        "datePublished": "2025-08-20T08:36:57.846Z",
        "dateReserved": "2025-08-20T08:29:15.175Z",
        "dateUpdated": "2025-11-05T12:09:23.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9228 (GCVE-0-2025-9228)

    Vulnerability from cvelistv5 – Published: 2025-08-20 08:24 – Updated: 2025-11-05 12:08
    VLAI
    Title
    Insufficient authorization when creating notes
    Summary
    MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes, allowing low-privilege users to create notes which are intended only for administrative users.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    TRO
    Impacted products
    Credits
    Lockheed Martin Red Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9228",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-20T15:23:30.523444Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-20T15:23:37.679Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MiR Robots",
              "vendor": "Mobile Industrial Robots",
              "versions": [
                {
                  "lessThan": "3.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MiR Fleet",
              "vendor": "Mobile Industrial Robots",
              "versions": [
                {
                  "lessThan": "3.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Lockheed Martin Red Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes, \nallowing low-privilege users to create notes which are intended only for administrative users."
                }
              ],
              "value": "MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes, \nallowing low-privilege users to create notes which are intended only for administrative users."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-05T12:08:35.758Z",
            "orgId": "1b7e193f-2525-49a1-b171-84af8827c9eb",
            "shortName": "TRO"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mobile-industrial-robots.com/security-advisories/insufficient-authorization-when-creating-notes"
            },
            {
              "url": "https://supportportal.mobile-industrial-robots.com/documentation/mir-cybersecurity-guide/mir-cybersecurity-guide/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to the newest software version, at least version 3.0.0\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update to the newest software version, at least version 3.0.0"
            }
          ],
          "source": {
            "advisory": "MSA-15",
            "discovery": "EXTERNAL"
          },
          "title": "Insufficient authorization when creating notes",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eIf you cannot immediately update to the recommended version, we recommend the following compensating \nmeasures:\u003c/div\u003e\u003cdiv\u003e1. Operate the MiR system in a segmented and secured network with strict firewall rules\u003c/div\u003e\u003cdiv\u003e2. Secure user accounts on the MiR system as recommended in the MiR Cybersecurity Guide\n\n\u003c/div\u003e"
                }
              ],
              "value": "If you cannot immediately update to the recommended version, we recommend the following compensating \nmeasures:\n\n1. Operate the MiR system in a segmented and secured network with strict firewall rules\n\n2. Secure user accounts on the MiR system as recommended in the MiR Cybersecurity Guide"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1b7e193f-2525-49a1-b171-84af8827c9eb",
        "assignerShortName": "TRO",
        "cveId": "CVE-2025-9228",
        "datePublished": "2025-08-20T08:24:33.175Z",
        "dateReserved": "2025-08-20T08:15:31.511Z",
        "dateUpdated": "2025-11-05T12:08:35.758Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9225 (GCVE-0-2025-9225)

    Vulnerability from cvelistv5 – Published: 2025-08-20 07:26 – Updated: 2025-11-05 12:07
    VLAI
    Title
    Cross-site scripting (XSS) in MiR robots and MiR fleet
    Summary
    Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    TRO
    Impacted products
    Credits
    Lockheed Martin Red Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9225",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-20T17:21:20.367826Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-20T17:27:46.640Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MiR Robots",
              "vendor": "Mobile Industrial Robots",
              "versions": [
                {
                  "lessThan": "3.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MiR Fleet",
              "vendor": "Mobile Industrial Robots",
              "versions": [
                {
                  "lessThan": "3.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Lockheed Martin Red Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim\u2019s browser"
                }
              ],
              "value": "Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim\u2019s browser"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-05T12:07:24.766Z",
            "orgId": "1b7e193f-2525-49a1-b171-84af8827c9eb",
            "shortName": "TRO"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mobile-industrial-robots.com/security-advisories/cross-site-scripting"
            },
            {
              "url": "https://supportportal.mobile-industrial-robots.com/documentation/mir-cybersecurity-guide/mir-cybersecurity-guide/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to the newest software version, at least version 3.0.0"
                }
              ],
              "value": "Update to the newest software version, at least version 3.0.0"
            }
          ],
          "source": {
            "advisory": "MSA-14",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site scripting (XSS) in MiR robots and MiR fleet",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "If you cannot immediately update to the recommended version, we recommend the following compensating \nmeasures:\n1. Operate the MiR system in a segmented and secured network with strict firewall rules\n2. Secure user accounts on the MiR system as recommended in the MiR Cybersecurity Guide."
                }
              ],
              "value": "If you cannot immediately update to the recommended version, we recommend the following compensating \nmeasures:\n1. Operate the MiR system in a segmented and secured network with strict firewall rules\n2. Secure user accounts on the MiR system as recommended in the MiR Cybersecurity Guide."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1b7e193f-2525-49a1-b171-84af8827c9eb",
        "assignerShortName": "TRO",
        "cveId": "CVE-2025-9225",
        "datePublished": "2025-08-20T07:26:01.629Z",
        "dateReserved": "2025-08-20T07:11:04.843Z",
        "dateUpdated": "2025-11-05T12:07:24.766Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8749 (GCVE-0-2025-8749)

    Vulnerability from cvelistv5 – Published: 2025-08-08 11:46 – Updated: 2025-11-05 12:06
    VLAI
    Title
    Path traversal vulnerability in MiR robot software via API requests
    Summary
    Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots (MiR) Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system via a crafted API request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    TRO
    Impacted products
    Vendor: Mobile Industrial Robots
    Product: MiR Robots
    Version: Affected: 0, < 3.0.0 (semver)
    Credits
    Lockheed Martin Red Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8749",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-08T14:52:59.034570Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-08T14:53:05.796Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MiR Robots",
              "vendor": "Mobile Industrial Robots",
              "versions": [
                {
                  "lessThan": "3.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Lockheed Martin Red Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots (MiR) Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system via a crafted API request."
                }
              ],
              "value": "Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots (MiR) Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system via a crafted API request."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-05T12:06:17.424Z",
            "orgId": "1b7e193f-2525-49a1-b171-84af8827c9eb",
            "shortName": "TRO"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mobile-industrial-robots.com/security-advisories/path-traversal"
            },
            {
              "url": "https://supportportal.mobile-industrial-robots.com/documentation/mir-cybersecurity-guide/mir-cybersecurity-guide/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to software version 3.0.0 or newer"
                }
              ],
              "value": "Upgrade to software version 3.0.0 or newer"
            }
          ],
          "source": {
            "advisory": "MSA-13",
            "discovery": "UNKNOWN"
          },
          "title": "Path traversal vulnerability in MiR robot software via API requests",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1b7e193f-2525-49a1-b171-84af8827c9eb",
        "assignerShortName": "TRO",
        "cveId": "CVE-2025-8749",
        "datePublished": "2025-08-08T11:46:16.957Z",
        "dateReserved": "2025-08-08T11:22:17.262Z",
        "dateUpdated": "2025-11-05T12:06:17.424Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8748 (GCVE-0-2025-8748)

    Vulnerability from cvelistv5 – Published: 2025-08-08 11:09 – Updated: 2025-11-05 12:02
    VLAI
    Title
    OS command injection in MiR robots and MiR fleet via crafted HTTP requests
    Summary
    MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A malicious HTTP request crafted by an authenticated user could allow the execution of arbitrary commands on the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    TRO
    Impacted products
    Credits
    Lockheed Martin Red Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8748",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-08T15:36:32.308408Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-08T15:36:48.048Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MiR Robots",
              "vendor": "Mobile Industrial Robots",
              "versions": [
                {
                  "lessThan": "3.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MiR Fleet",
              "vendor": "Mobile Industrial Robots",
              "versions": [
                {
                  "lessThan": "3.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Lockheed Martin Red Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eMiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A malicious \nHTTP request crafted by an authenticated user could allow the execution of arbitrary commands on the \nunderlying operating system.\u003c/div\u003e"
                }
              ],
              "value": "MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A malicious \nHTTP request crafted by an authenticated user could allow the execution of arbitrary commands on the \nunderlying operating system."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-05T12:02:30.747Z",
            "orgId": "1b7e193f-2525-49a1-b171-84af8827c9eb",
            "shortName": "TRO"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mobile-industrial-robots.com/security-advisories/command-injection"
            },
            {
              "url": "https://supportportal.mobile-industrial-robots.com/documentation/mir-cybersecurity-guide/mir-cybersecurity-guide/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to the newest software version, at least version 3.0.0\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update to the newest software version, at least version 3.0.0"
            }
          ],
          "source": {
            "advisory": "MSA-16",
            "discovery": "UNKNOWN"
          },
          "title": "OS command injection in MiR robots and MiR fleet via crafted HTTP requests",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1b7e193f-2525-49a1-b171-84af8827c9eb",
        "assignerShortName": "TRO",
        "cveId": "CVE-2025-8748",
        "datePublished": "2025-08-08T11:09:17.348Z",
        "dateReserved": "2025-08-08T11:07:37.364Z",
        "dateUpdated": "2025-11-05T12:02:30.747Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }