CVE-2025-54963: n/a
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may submit a crafted job request that grants read access to files on the filesystem with the permissions of the GXP Job Service process. The path to a file is not sanitized for directory traversal, potentially allowing an attacker to read sensitive files in some configurations.
AI Analysis
Technical Summary
CVE-2025-54963 is a directory traversal vulnerability identified in BAE Systems' SOCET GXP software prior to version 4.6.0.2. SOCET GXP is a geospatial analysis and imagery exploitation tool widely used in defense, intelligence, and mapping sectors. The vulnerability arises from insufficient sanitization of file paths submitted via the GXP Job Service interface. An attacker who can interact with this service—requiring at least limited privileges—can craft job requests that include directory traversal sequences (e.g., ../) to access arbitrary files on the host filesystem. Because the Job Service executes these requests with its own permissions, the attacker can read sensitive files that the service account can access, potentially including configuration files, credentials, or other sensitive data. The vulnerability is categorized under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). The CVSS v3.1 base score is 6.5, reflecting a network attack vector with low attack complexity, requiring privileges but no user interaction, and resulting in high confidentiality impact without affecting integrity or availability. No public exploits have been reported yet, but the vulnerability poses a significant risk to confidentiality in environments where SOCET GXP is deployed. The lack of path sanitization indicates a design flaw that can be exploited remotely by authenticated users, emphasizing the need for strict access controls and timely patching.
Potential Impact
For European organizations, particularly those in defense, intelligence, and geospatial analysis sectors that rely on SOCET GXP, this vulnerability could lead to unauthorized disclosure of sensitive information. Exposure of configuration files, credentials, or classified data could compromise operational security and intelligence activities. Since SOCET GXP is used in critical infrastructure mapping and military planning, the confidentiality breach could have strategic consequences. The vulnerability does not allow modification or disruption of services, so integrity and availability impacts are minimal. However, the ability to read arbitrary files remotely increases the risk of further attacks, such as credential theft or reconnaissance for lateral movement. Organizations handling classified or sensitive geospatial data must consider the potential for espionage or data leaks. The medium severity rating suggests a moderate but actionable risk that should be addressed promptly to prevent exploitation.
Mitigation Recommendations
1. Upgrade SOCET GXP to version 4.6.0.2 or later where the vulnerability is fixed.
2. Restrict access to the GXP Job Service interface to trusted and authenticated users only, employing network segmentation and firewall rules to limit exposure.
3. Implement strict role-based access controls (RBAC) to minimize the number of users who can submit job requests.
4. Monitor and log all interactions with the Job Service for anomalous or suspicious activity indicative of directory traversal attempts.
5. Conduct regular audits of file permissions for the Job Service process to ensure it operates with the least privilege necessary.
6. If patching is delayed, consider deploying application-layer filtering or web application firewalls (WAFs) that can detect and block directory traversal patterns in job requests.
7. Educate administrators and users about the risks of submitting untrusted input to the Job Service and enforce secure coding and configuration practices in custom integrations.
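The containment check that the Technical Summary describes as missing can be applied in a custom integration before a path is handed to a job request. The following is an added example, not BAE's code or the vendor fix; the job root `/srv/gxp/jobs`, the function names and the sample request paths are assumptions constructed for illustration.

```python
import os

# Hypothetical job root; the real Job Service layout is not described on the page.
JOB_ROOT = "/srv/gxp/jobs"

def resolve_naive(requested: str, root: str = JOB_ROOT) -> str:
    """The CWE-22 pattern: join and normalise, with no containment check."""
    return os.path.normpath(os.path.join(root, requested))

def resolve_contained(requested: str, root: str = JOB_ROOT) -> str:
    """Return the canonical path, or raise ValueError if it leaves root."""
    if "\x00" in requested:
        raise ValueError("NUL byte in path")
    # Treat backslashes as separators so Windows-style input is judged the same way.
    candidate = requested.replace("\\", "/")
    root_real = os.path.realpath(root)
    # realpath collapses ".." and resolves symlinks that exist on disk.
    target = os.path.realpath(os.path.join(root_real, candidate))
    # An absolute 'requested' replaces root in join(); commonpath catches that too.
    if os.path.commonpath([root_real, target]) != root_real:
        raise ValueError(f"path escapes job root: {requested!r}")
    return target

def audit(requests, root: str = JOB_ROOT):
    """Split request paths into (accepted canonical paths, rejected raw inputs)."""
    accepted, rejected = [], []
    for raw in requests:
        try:
            accepted.append(resolve_contained(raw, root))
        except ValueError:
            rejected.append(raw)  # candidates for the logging in recommendation 4
    return accepted, rejected

if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real job request.
    sample = ["scene1/ortho.tif", "../../etc/passwd", "/etc/passwd",
              "scene1/../../conf/db.ini", "..\\..\\secrets.txt"]
    ok, bad = audit(sample)
    print("accepted:", ok)
    print("rejected:", bad)
    print("naive resolves to:", resolve_naive(sample[1]))
```

Checking the canonical path rather than searching the input for `../` also covers absolute paths and symlinks inside the job root that point elsewhere.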
Affected Countries
United Kingdom, France, Germany, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Norway
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-08-04T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68fa8e34326f59cb11ee323c
Added to database: 10/23/2025, 8:21:08 PM
Last enriched: 10/31/2025, 6:52:19 AM
Last updated: 12/7/2025, 3:36:09 AM