
CVE-2025-54964: n/a

Medium
Published: Thu Oct 23 2025 (10/23/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may inject arbitrary executables. If the Job Service is configured for local-only access, this may allow for privilege escalation in certain situations. If the Job Service is network accessible, this may allow remote command execution.

AI-Powered Analysis

Last updated: 10/23/2025, 20:21:16 UTC

Technical Analysis

CVE-2025-54964 is a security vulnerability identified in BAE Systems' SOCET GXP software versions before 4.6.0.2. SOCET GXP is a geospatial analysis and imagery exploitation tool widely used in defense, intelligence, and mapping sectors. The vulnerability arises from improper handling of the GXP Job Service, which is responsible for executing jobs or tasks within the software environment. An attacker who can interact with this Job Service can inject arbitrary executables, effectively allowing them to run malicious code.

The impact depends on the configuration of the Job Service: if it is restricted to local access only, exploitation may allow privilege escalation, enabling an attacker with limited local access to gain higher system privileges. However, if the Job Service is accessible over the network, the vulnerability escalates to remote code execution, allowing attackers to execute arbitrary commands remotely without prior authentication. This significantly increases the attack surface and risk.

The lack of a CVSS score indicates the vulnerability is newly published and not yet fully assessed, but the technical details suggest a critical weakness. No public exploits have been reported, but the potential for exploitation is high given the nature of the flaw. The vulnerability affects confidentiality, integrity, and availability by enabling unauthorized code execution and potential system compromise. SOCET GXP is commonly deployed in sensitive environments, making this vulnerability particularly concerning for organizations handling classified or critical geospatial data.

Potential Impact

For European organizations, especially those in defense, intelligence, and geospatial analysis sectors, this vulnerability poses a serious risk. Successful exploitation could lead to unauthorized access to sensitive geospatial data, manipulation or destruction of critical intelligence, and disruption of operational capabilities. Privilege escalation could allow attackers to gain administrative control over affected systems, potentially leading to lateral movement within networks and further compromise. Remote code execution capabilities increase the risk of widespread attacks, including ransomware deployment or espionage activities. Given the strategic importance of geospatial intelligence in European national security and defense, exploitation could have severe operational and reputational consequences. Organizations relying on SOCET GXP must consider the risk of insider threats as well as external attackers exploiting network-exposed Job Services. The lack of known exploits in the wild provides a window for proactive mitigation, but the potential impact remains high.

Mitigation Recommendations

1. Immediately assess the configuration of the GXP Job Service to determine if it is exposed over the network; if so, restrict access to trusted hosts and networks only.
2. Apply the latest available patches or updates from BAE Systems as soon as they are released, specifically upgrading to version 4.6.0.2 or later.
3. Implement network segmentation and firewall rules to isolate systems running SOCET GXP, minimizing exposure of the Job Service.
4. Employ strict access controls and monitoring on systems hosting the Job Service to detect unauthorized interactions.
5. Conduct regular audits of user privileges and ensure that only necessary personnel have access to the Job Service.
6. Use endpoint detection and response (EDR) tools to monitor for suspicious executable injections or command executions.
7. Educate system administrators and users about the risks of this vulnerability and the importance of not exposing the Job Service externally.
8. Develop and test incident response plans specific to potential exploitation scenarios involving SOCET GXP.
9. Consider deploying application whitelisting to prevent unauthorized executables from running on affected systems.
10. Monitor threat intelligence sources for any emerging exploits or indicators of compromise related to CVE-2025-54964.


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-08-04T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68fa8ab1326f59cb11e62869

Added to database: 10/23/2025, 8:06:09 PM

Last enriched: 10/23/2025, 8:21:16 PM

Last updated: 10/23/2025, 9:17:37 PM
