Critical Security Flaw in Ghost Robotics Vision 60: CVE-2025-41108
A recently disclosed vulnerability, CVE-2025-41108 (EUVD-2025-35344), affects the Ghost Robotics Vision 60 platform.
🔍 What Is This Vulnerability?
The vulnerability was discovered in the Ghost Robotics Vision 60, a quadruped robot widely used in military, security, and harsh-terrain operations. Analysis shows that firmware v0.27.2 lacks a proper authentication mechanism on its command interface.
Because of this deficiency, an attacker who can reach the robot's network can connect to it remotely and send commands to the device. In short: anyone who can join the same network, or intercept the robot's communication, may be able to take control of the robot.
Vision 60 is often deployed for autonomous patrols, surveillance, and security checkpoints. Losing control of such a system is not only a digital incident but a physical security risk as well.
The flaw lies in how the Vision 60 firmware implements the MAVLink protocol used for communication between the robot and its controller. MAVLink is a common telemetry and command protocol for autonomous vehicles, and MAVLink 2 offers optional message signing that authenticates each packet and guards against replay (it does not encrypt; confidentiality has to come from the transport). The implementation here uses neither message signing nor any transport-level encryption, so an attacker who can reach the link can inject forged command packets, or replay captured ones, and the robot will act on them as if they came from the legitimate controller.
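To make the missing control concrete, the following is an added example written for this article; it is not Ghost Robotics code, and the Vision 60's actual MAVLink implementation is not public on this page. It builds MAVLink 2 frames, including the optional 13-byte signature block (link id, 48-bit timestamp, and the first 6 bytes of SHA-256 over secret key plus frame), and runs the same constructed COMMAND_LONG frame through two receivers: one that accepts unsigned frames, which is the behaviour the advisory describes, and one that requires a valid signature and a strictly increasing timestamp per stream. The demo key, the payload values, the system/component ids, and the per-stream replay rule are all constructed for the example; the crc_extra value 152 for message 76 is taken from the common dialect and should be checked against your own generated headers.

```python
"""Added example: MAVLink 2 framing with and without message signing (constructed data)."""
import hashlib
import hmac
import struct

MAVLINK2_STX = 0xFD
IFLAG_SIGNED = 0x01      # incompat_flags bit set when a frame carries a signature block
SIG_LEN = 13             # link_id (1) + timestamp (6) + truncated SHA-256 (6)

# crc_extra is dialect-specific. 152 is the value for COMMAND_LONG (msg 76) in the
# common dialect (assumption for this demo; it only needs to match on both ends here).
COMMAND_LONG_ID = 76
CRC_EXTRA = {COMMAND_LONG_ID: 152}


def x25_crc(data, crc=0xFFFF):
    """MAVLink's CRC-16/X.25 accumulation (init 0xFFFF, no final XOR)."""
    for b in data:
        tmp = (b ^ (crc & 0xFF)) & 0xFF
        tmp = (tmp ^ (tmp << 4)) & 0xFF
        crc = ((crc >> 8) ^ (tmp << 8) ^ (tmp << 3) ^ (tmp >> 4)) & 0xFFFF
    return crc


def build_frame(seq, sysid, compid, msgid, payload, key=None, link_id=0, timestamp=0):
    """Serialize a MAVLink 2 frame; append a signature block when a 32-byte key is given."""
    incompat = IFLAG_SIGNED if key is not None else 0
    header = struct.pack("<7B", MAVLINK2_STX, len(payload), incompat, 0, seq, sysid, compid)
    header += msgid.to_bytes(3, "little")
    frame = header + payload
    crc = x25_crc(frame[1:])                       # the STX byte is not covered by the CRC
    crc = x25_crc(bytes([CRC_EXTRA[msgid]]), crc)  # then the per-message crc_extra byte
    frame += struct.pack("<H", crc)
    if key is not None:
        # signature = sha256(secret_key + header + payload + crc + link_id + timestamp)[:6]
        prefix = bytes([link_id]) + timestamp.to_bytes(6, "little")
        frame += prefix + hashlib.sha256(key + frame + prefix).digest()[:6]
    return frame


class Receiver:
    """Frame acceptance logic for one end of the link."""

    def __init__(self, key=None, require_signing=False):
        self.key = key
        self.require_signing = require_signing
        self.last_ts = {}    # (link_id, sysid, compid) -> highest timestamp accepted so far

    def accept(self, frame):
        """Return (accepted, reason) for one frame."""
        if len(frame) < 12 or frame[0] != MAVLINK2_STX:
            return False, "not a MAVLink 2 frame"
        plen, incompat, sysid, compid = frame[1], frame[2], frame[5], frame[6]
        msgid = int.from_bytes(frame[7:10], "little")
        end = 10 + plen
        if len(frame) < end + 2:
            return False, "truncated"
        crc = x25_crc(frame[1:end])
        crc = x25_crc(bytes([CRC_EXTRA.get(msgid, 0)]), crc)
        if crc != struct.unpack_from("<H", frame, end)[0]:
            return False, "bad crc"
        if not incompat & IFLAG_SIGNED:
            if self.require_signing:
                return False, "unsigned frame rejected"
            return True, "accepted (unauthenticated)"    # a CRC is integrity, not authentication
        if self.key is None or len(frame) < end + 2 + SIG_LEN:
            return False, "signature cannot be checked"
        sig_at = end + 2
        link_id = frame[sig_at]
        ts = int.from_bytes(frame[sig_at + 1:sig_at + 7], "little")
        expected = hashlib.sha256(self.key + frame[:sig_at + 7]).digest()[:6]
        if not hmac.compare_digest(expected, frame[sig_at + 7:sig_at + 13]):
            return False, "bad signature"
        stream = (link_id, sysid, compid)
        if ts <= self.last_ts.get(stream, -1):
            return False, "replayed or stale timestamp"
        self.last_ts[stream] = ts
        return True, "accepted (authenticated)"


def demo():
    """Send the same forged command to an unauthenticated link and to a signing-required link."""
    key = hashlib.sha256(b"demo key, constructed for this example").digest()   # 32 bytes
    # Constructed COMMAND_LONG payload: 7 float params, command 400 (ARM/DISARM), target 1/1.
    payload = struct.pack("<7fHBBB", 1.0, 0, 0, 0, 0, 0, 0, 400, 1, 1, 0)
    forged = build_frame(0, 255, 190, COMMAND_LONG_ID, payload)                # no signature
    wrong_key = build_frame(1, 255, 190, COMMAND_LONG_ID, payload, key=bytes(32), timestamp=10)
    genuine = build_frame(2, 255, 190, COMMAND_LONG_ID, payload, key=key, timestamp=1000)

    open_link = Receiver()                                  # behaviour the advisory describes
    hardened = Receiver(key=key, require_signing=True)
    return {
        "open_link_forged": open_link.accept(forged),
        "hardened_unsigned": hardened.accept(forged),
        "hardened_wrong_key": hardened.accept(wrong_key),
        "hardened_genuine": hardened.accept(genuine),
        "hardened_replay": hardened.accept(genuine),        # identical bytes sent a second time
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:20s} -> {result}")
```

The unauthenticated receiver accepts the forged arm command because a CRC only detects corruption; it proves nothing about who sent the frame. The hardened receiver rejects it as unsigned, rejects a frame signed with the wrong key, and rejects a byte-for-byte replay of a genuine frame because its timestamp is not newer than the last one accepted on that stream. The real MAVLink 2 rule for a newly seen stream also tolerates timestamps up to a minute behind the receiver's clock; the simpler monotonic check here is enough to show the replay defence. Even with signing enabled, the payload still travels in the clear, so confidentiality of telemetry has to be handled by the radio or network layer.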
Technical Summary
Vulnerability ID: CVE-2025-41108 / EUVD-2025-35344
Affected product: Ghost Robotics Vision 60 v0.27.2
Vulnerability type: Improper Authentication (CWE-287)
CVSS score: 9.2 — Critical
Impact: Remote command execution, full system takeover
Potential Consequences
Depending on the deployment scenario, this vulnerability can have various severe impacts:
Military deployments: Mission sabotage through false commands or diversion.
Security operations: Manipulation of camera and sensor feeds, undermining situational awareness.
Industrial use: Disruption of autonomous transport or inspection tasks, causing downtime or physical damage.
