CVE-2025-47417: Infoleak
First published: Tue May 06 2025(Updated: )
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. When Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible indication that this is being done. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
Credit: 25b0b659-c4b4-483f-aecb-067757d23ef3
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Crestron Automate VX | >=5.6.8161.21536<=6.4.0.49 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-47417?
The severity of CVE-2025-47417 is considered high due to the potential exposure of sensitive information.
How do I fix CVE-2025-47417?
To mitigate CVE-2025-47417, disable the 'Enable Debug Images' option in Crestron Automate VX.
What types of systems are affected by CVE-2025-47417?
CVE-2025-47417 affects Crestron Automate VX versions between 5.6.8161.21536 and 6.4.0.49.
What information is exposed in CVE-2025-47417?
CVE-2025-47417 allows snapshots of captured video to be stored locally, potentially exposing sensitive visual data.
Can CVE-2025-47417 be exploited remotely?
CVE-2025-47417 requires local access to the system for the exploitation to occur.
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/source
- agent/epss
- agent/tags
- vendor/crestron
- canonical/crestron automate vx