
CVE-2025-54964: n/a

High
Vulnerability | CVE-2025-54964 | cve | cve-2025-54964
Published: Thu Oct 23 2025 (10/23/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may inject arbitrary executables. If the Job Service is configured for local-only access, this may allow for privilege escalation in certain situations. If the Job Service is network accessible, this may allow remote command execution.

AI-Powered Analysis

Last updated: 10/31/2025, 06:00:45 UTC

Technical Analysis

CVE-2025-54964 is a command injection vulnerability affecting BAE SOCET GXP software versions prior to 4.6.0.2. The vulnerability arises from insufficient input validation in the GXP Job Service, which processes job requests potentially containing malicious commands. An attacker capable of interacting with this service can inject arbitrary executables, leading to execution of unauthorized code.

When the Job Service is restricted to local access only, exploitation can result in privilege escalation, allowing attackers to gain higher system privileges than initially permitted. However, if the Job Service is exposed over a network, the vulnerability escalates to remote code execution (RCE), enabling attackers to execute commands remotely without authentication or user interaction.

This vulnerability is categorized under CWE-77, indicating improper neutralization of special elements in commands, which is a common vector for injection attacks. The CVSS v3.1 base score is 8.4, reflecting high severity due to the combination of high impact on confidentiality, integrity, and availability, low attack complexity, and no privileges or user interaction required. No patches or mitigations have been officially released at the time of disclosure, and no active exploits have been reported.

The vulnerability poses a significant risk to environments where SOCET GXP is deployed, particularly in sensitive geospatial and defense applications where unauthorized code execution could lead to data breaches, system compromise, or disruption of critical operations.

Potential Impact

For European organizations, especially those in defense, intelligence, geospatial analysis, and critical infrastructure sectors, this vulnerability presents a severe risk. SOCET GXP is widely used in military and government agencies for geospatial intelligence and mapping, making these organizations prime targets. Exploitation could lead to unauthorized access to sensitive geospatial data, manipulation or destruction of critical mapping information, and potential disruption of defense operations. The ability to execute arbitrary code remotely without authentication significantly increases the attack surface, enabling attackers to establish persistent footholds, exfiltrate data, or deploy further malware. The privilege escalation aspect also threatens internal security by allowing attackers with limited access to escalate privileges and compromise entire systems. Given the strategic importance of geospatial data in European defense and security, the impact extends beyond individual organizations to national security concerns. Additionally, organizations in sectors relying on SOCET GXP for critical infrastructure planning and management may face operational disruptions and data integrity issues.

Mitigation Recommendations

1. Immediately restrict access to the GXP Job Service to trusted hosts only, preferably isolating it within internal networks and disabling any unnecessary network exposure.
2. Implement strict network segmentation and firewall rules to prevent unauthorized external access to the Job Service.
3. Monitor logs and network traffic for unusual or unauthorized job submissions that may indicate exploitation attempts.
4. Apply input validation and sanitization controls where possible to detect and block command injection payloads.
5. Engage with BAE Systems for official patches or updates addressing this vulnerability and prioritize their deployment once available.
6. Conduct thorough security audits and penetration testing focused on the Job Service to identify and remediate potential exploitation vectors.
7. Employ endpoint detection and response (EDR) solutions to detect anomalous process executions indicative of injected commands.
8. Train system administrators and security teams on the risks associated with this vulnerability and best practices for secure configuration of SOCET GXP components.
9. Consider temporarily disabling or limiting the Job Service functionality if it is not critical to operations until a patch is available.
10. Maintain an incident response plan tailored to potential exploitation scenarios involving SOCET GXP.
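The following triage sketch is an added example, not code from the advisory or from BAE Systems. It combines the version boundary from the description (affected before 4.6.0.2) with the two exposure cases the advisory distinguishes, local-only versus network-accessible. The port number 9999 is a placeholder because the page does not state the Job Service port, and the `netstat` sample is constructed.

```python
import ipaddress
import re

FIXED_VERSION = (4, 6, 0, 2)   # advisory text: affected "before 4.6.0.2"
JOB_SERVICE_PORT = 9999        # PLACEHOLDER: the page does not give the real port

# Constructed sample of Windows `netstat -ano -p TCP` output (not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       988
  TCP    127.0.0.1:9999         0.0.0.0:0              LISTENING       4312
  TCP    10.20.30.40:9999       0.0.0.0:0              LISTENING       4312
  TCP    10.20.30.40:50112      10.20.30.7:443         ESTABLISHED     7020
  TCP    [::]:9999              [::]:0                 LISTENING       4312
"""

LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def is_vulnerable(version: str) -> bool:
    """Numeric, component-wise compare so that 4.6.0.10 sorts after 4.6.0.2."""
    parts = tuple(int(p) for p in version.split("."))
    parts += (0,) * (len(FIXED_VERSION) - len(parts))  # pad short versions
    return parts < FIXED_VERSION

def job_service_bindings(netstat_text, port=JOB_SERVICE_PORT):
    """Return (address, is_loopback) for every listener on the given port."""
    bindings = []
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if not m or int(m.group(2)) != port:
            continue
        addr = ipaddress.ip_address(m.group(1).strip("[]"))
        # 0.0.0.0 and :: are wildcard binds, so they count as non-loopback.
        bindings.append((str(addr), addr.is_loopback))
    return bindings

def assess(version, netstat_text, port=JOB_SERVICE_PORT):
    """Map a host to the exposure case described in the advisory."""
    if not is_vulnerable(version):
        return "patched"
    bindings = job_service_bindings(netstat_text, port)
    if not bindings:
        return "vulnerable-not-listening"
    if all(loopback for _, loopback in bindings):
        return "vulnerable-local-only"       # advisory: privilege escalation
    return "vulnerable-network-exposed"      # advisory: remote command execution
```

Hosts that come back as `vulnerable-network-exposed` are the ones to prioritise for the access restrictions in items 1 and 2.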


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-08-04T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68fa8ab1326f59cb11e62869

Added to database: 10/23/2025, 8:06:09 PM

Last enriched: 10/31/2025, 6:00:45 AM

Last updated: 12/4/2025, 11:39:44 AM
