CVE-2025-41108: CWE-287 Improper Authentication in Ghost Robotics Vision 60
The communication protocol implemented in Ghost Robotics Vision 60 v0.27.2 could allow an attacker to send commands to the robot from an external attack station, impersonating the control station (tablet) and gaining unauthorised full control of the robot. The absence of encryption and authentication mechanisms in the communication protocol allows an attacker to capture legitimate traffic between the robot and the controller, replicate it, and send any valid command to the robot from any attacking computer or device. The communication protocol used in this interface is based on MAVLink, a widely documented protocol, which increases the likelihood of attack. There are two methods for connecting to the robot remotely: Wi-Fi and 4G/LTE.
AI Analysis
Technical Summary
CVE-2025-41108 identifies a critical security vulnerability in the Ghost Robotics Vision 60 robot, specifically in version 0.27.2. The root cause is an improper authentication flaw (CWE-287) in the robot's communication protocol, which is based on MAVLink, a widely documented and open protocol used for unmanned vehicles. The protocol implementation lacks encryption and authentication mechanisms, allowing an attacker to capture legitimate command traffic between the robot and its control station (tablet). By intercepting this traffic, an attacker can replay or forge commands from any external device, effectively impersonating the legitimate controller. The robot supports remote connections via Wi-Fi and 4G/LTE, expanding the attack surface to any location with network reach. No privileges or user interaction are required to exploit this vulnerability, and the attacker can gain full control over the robot's operations. This could enable unauthorized movement, data exfiltration, or sabotage of robotic functions. The vulnerability was published on October 22, 2025, with a CVSS 4.0 score of 9.2 (critical), reflecting its high impact on confidentiality, integrity, and availability. No patches or mitigations have been officially released by Ghost Robotics at the time of this report, increasing the risk of exploitation. The CVE was assigned by INCIBE, and the vulnerability is currently not known to be exploited in the wild.
Potential Impact
For European organizations, the impact of CVE-2025-41108 is significant, especially for those deploying Ghost Robotics Vision 60 robots in critical infrastructure, industrial automation, security, or research environments. Unauthorized control of these robots could lead to physical damage, disruption of operations, safety hazards, and potential data breaches if the robot collects or transmits sensitive information. The lack of authentication and encryption means attackers can remotely hijack robots without detection, potentially causing widespread operational failures or enabling espionage. Organizations relying on these robots for perimeter security or hazardous environment monitoring could face increased risk of sabotage or unauthorized surveillance. The vulnerability also undermines trust in robotic systems and could lead to regulatory scrutiny under European cybersecurity and data protection laws. Given the robot’s connectivity via Wi-Fi and 4G/LTE, attacks could originate from remote locations, complicating incident response and attribution.
Mitigation Recommendations
Until an official patch is released, European organizations should implement several specific mitigations:
1) Isolate Vision 60 robots on dedicated, segmented networks with strict access controls to limit exposure to untrusted devices.
2) Disable or restrict remote access via Wi-Fi and 4G/LTE where possible, or enforce VPN tunnels with strong authentication for remote connections.
3) Employ network monitoring and anomaly detection tools to identify unusual command traffic patterns indicative of replay or spoofing attacks.
4) Use MAC address filtering and network-level authentication to restrict devices that can communicate with the robot.
5) Regularly audit and update firmware and software to the latest versions once patches become available.
6) Engage with Ghost Robotics for timely vulnerability disclosures and updates.
7) Train operational staff on recognizing signs of robotic compromise and incident response procedures.
These measures go beyond generic advice by focusing on network architecture, access control, and proactive monitoring tailored to the unique threat posed by this vulnerability.
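The technical analysis above describes the failure mode (a command frame carries nothing that ties it to the legitimate controller, so a captured frame can be replayed or a new one forged), and mitigation 3 asks for monitoring that flags replayed or spoofed traffic. The following Python is an added illustration written for this page; it is not Ghost Robotics' code, not the official MAVLink implementation, and the Vision 60 command payloads are not reproduced. It models a receiver-side check in the shape of MAVLink 2's optional message signing: a 1-byte link id, a 48-bit timestamp in 10 µs units, and a 48-bit truncated SHA-256 over the shared secret, the frame, the link id and the timestamp. The header offsets, the placeholder CRC, the secret key and the one-minute freshness window are assumptions of this example. Frames that are unsigned, signed under the wrong key, modified after signing, stale, or byte-for-byte replays are each rejected with a reason string that a monitoring pipeline can turn into an alert.

```python
"""Message-level authentication and replay rejection for a MAVLink-style
command link. Added illustrative code; the frame layout mirrors the MAVLink 2
signing scheme but exact offsets and the placeholder CRC are assumptions."""
import hashlib
import hmac
import struct
from typing import Dict, Tuple

MAGIC = 0xFD                # MAVLink 2 start byte
SIGNED_FLAG = 0x01          # incompat_flags bit: frame carries a signature block
REPLAY_WINDOW = 6_000_000   # one minute in 10 us ticks (assumed freshness window)
HEADER_LEN = 10             # magic, len, incompat, compat, seq, sysid, compid, 24-bit msgid
CRC_LEN = 2
SIG_BLOCK_LEN = 13          # link id (1) + timestamp (6) + truncated sha256 (6)


def build_frame(seq: int, sysid: int, compid: int, msgid: int,
                payload: bytes, signed: bool) -> bytes:
    """Minimal MAVLink 2-style header + payload + placeholder CRC (constructed)."""
    flags = SIGNED_FLAG if signed else 0
    header = struct.pack("<BBBBBBB", MAGIC, len(payload), flags, 0, seq, sysid, compid)
    header += msgid.to_bytes(3, "little")
    # The real protocol appends an X.25 CRC here; it provides integrity against
    # noise, not authenticity, so a constant placeholder is used in this example.
    return header + payload + b"\x00\x00"


def _signature(secret: bytes, frame: bytes, link_id: int, ts: int) -> bytes:
    # sha256_48(secret_key + frame + link_id + timestamp), as in MAVLink 2 signing
    h = hashlib.sha256()
    h.update(secret)
    h.update(frame)
    h.update(bytes([link_id]))
    h.update(ts.to_bytes(6, "little"))
    return h.digest()[:6]


def sign_frame(secret: bytes, frame: bytes, link_id: int, ts: int) -> bytes:
    """Append the signature block (link id, 48-bit timestamp, 48-bit tag) to a frame."""
    return frame + bytes([link_id]) + ts.to_bytes(6, "little") + _signature(secret, frame, link_id, ts)


class LinkVerifier:
    """Accepts a frame only if it is signed with the shared secret, fresh relative
    to the local clock, and strictly newer than the last frame seen on the same
    (link_id, sysid, compid) stream. Every rejection carries a reason for logging."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_ts: Dict[Tuple[int, int, int], int] = {}

    def check(self, raw: bytes, now_ts: int) -> Tuple[bool, str]:
        if len(raw) < HEADER_LEN + CRC_LEN or raw[0] != MAGIC:
            return False, "malformed"
        payload_len, incompat = raw[1], raw[2]
        sysid, compid = raw[5], raw[6]
        body_len = HEADER_LEN + payload_len + CRC_LEN
        if not incompat & SIGNED_FLAG:
            # An unauthenticated receiver would act on this frame; a signing receiver drops it.
            return False, "unsigned"
        if len(raw) != body_len + SIG_BLOCK_LEN:
            return False, "bad length"
        frame = raw[:body_len]
        link_id = raw[body_len]
        ts = int.from_bytes(raw[body_len + 1:body_len + 7], "little")
        tag = raw[body_len + 7:body_len + 13]
        if not hmac.compare_digest(tag, _signature(self.secret, frame, link_id, ts)):
            return False, "bad signature"      # wrong key or frame altered after signing
        if ts + REPLAY_WINDOW < now_ts:
            return False, "stale"              # too old to have come from a live controller
        stream = (link_id, sysid, compid)
        if ts <= self.last_ts.get(stream, -1):
            return False, "replay"             # timestamp not strictly increasing on this stream
        self.last_ts[stream] = ts
        return True, "ok"


def run_demo() -> Dict[str, str]:
    """Feed constructed frames through the verifier and return the reason per case."""
    secret = hashlib.sha256(b"constructed demo key, not a real robot key").digest()
    verifier = LinkVerifier(secret)
    payload = b"\x01\x02\x03\x04"  # constructed opaque payload, not a real Vision 60 command
    msgid = 76                      # MAVLink common-dialect COMMAND_LONG id; payload is a placeholder
    t0 = 100_000_000
    results: Dict[str, str] = {}
    legit = sign_frame(secret, build_frame(1, 1, 1, msgid, payload, True), 0, t0)
    results["legit"] = verifier.check(legit, t0 + 10)[1]
    results["replay"] = verifier.check(legit, t0 + 20)[1]   # exact copy of a captured frame
    results["unsigned"] = verifier.check(build_frame(2, 1, 1, msgid, payload, False), t0 + 30)[1]
    wrong_key = sign_frame(b"\x00" * 32, build_frame(3, 1, 1, msgid, payload, True), 0, t0 + 5)
    results["wrong_key"] = verifier.check(wrong_key, t0 + 40)[1]
    tampered = bytearray(sign_frame(secret, build_frame(4, 1, 1, msgid, payload, True), 0, t0 + 50))
    tampered[HEADER_LEN] ^= 0xFF                              # flip first payload byte after signing
    results["tampered"] = verifier.check(bytes(tampered), t0 + 60)[1]
    stale = sign_frame(secret, build_frame(5, 1, 1, msgid, payload, True), 0, t0 + 100)
    results["stale"] = verifier.check(stale, t0 + 100 + REPLAY_WINDOW + 1)[1]
    return results


if __name__ == "__main__":
    for case, reason in run_demo().items():
        print(f"{case:>10}: {reason}")
```

The per-stream "strictly increasing timestamp" rule is what defeats the replay described in the advisory; the shared-secret tag is what defeats forgery from a third device. A VPN tunnel (mitigation 2) gives equivalent protection at the transport layer, but only for traffic that actually traverses the tunnel; message-level signing protects every frame regardless of the path it took.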
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: INCIBE
- Date Reserved: 2025-04-16T09:09:39.343Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68f89429d59611fbd95e68ee
Added to database: 10/22/2025, 8:22:01 AM
Last enriched: 10/29/2025, 9:03:42 AM
Last updated: 12/6/2025, 9:37:46 PM