CVE-2025-54964: n/a
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may inject arbitrary executables. If the Job Service is configured for local-only access, this may allow for privilege escalation in certain situations. If the Job Service is network accessible, this may allow remote command execution.
AI Analysis
Technical Summary
CVE-2025-54964 is a critical command injection vulnerability affecting BAE SOCET GXP software versions prior to 4.6.0.2. The flaw exists in the GXP Job Service component, which processes job requests potentially containing malicious input. An attacker with the ability to interact with this service can inject arbitrary executables, exploiting insufficient input validation and command sanitization (classified under CWE-77). When the Job Service is configured for local-only access, the vulnerability can be leveraged for privilege escalation, allowing an attacker with limited local access to gain elevated privileges. More critically, if the Job Service is exposed on a network interface, the vulnerability enables unauthenticated remote command execution, allowing attackers to run arbitrary code remotely without user interaction. This broadens the attack surface significantly, as no authentication or user action is required. The vulnerability impacts confidentiality, integrity, and availability of affected systems, as attackers can execute arbitrary commands, potentially leading to data theft, system compromise, or denial of service. Although no public exploits have been reported yet, the high CVSS score (8.4) reflects the ease of exploitation and severe impact. The vulnerability was reserved in August 2025 and published in October 2025, indicating recent discovery. No official patches are listed yet, so mitigation relies on restricting access and monitoring. The affected software is widely used in geospatial intelligence and defense sectors, making it a high-value target for nation-state and advanced threat actors.
Potential Impact
The impact of CVE-2025-54964 is substantial for organizations using BAE SOCET GXP, particularly in defense, intelligence, and geospatial analysis sectors. Successful exploitation can lead to full system compromise via remote code execution if the Job Service is network accessible, enabling attackers to execute arbitrary commands with the privileges of the service. This can result in unauthorized data access, manipulation, or destruction, severely compromising confidentiality and integrity. Privilege escalation on local-only configurations can allow attackers to gain administrative control, facilitating further lateral movement and persistence. The availability of critical systems may also be affected if attackers disrupt or disable services. Given the sensitive nature of data processed by SOCET GXP, including classified geospatial intelligence, the consequences could extend to national security risks, espionage, and operational disruptions. The lack of authentication and user interaction requirements lowers the barrier for exploitation, increasing the likelihood of attacks once the vulnerability is known. Organizations worldwide relying on this software face significant operational and reputational risks if unmitigated.
Mitigation Recommendations
1. Immediately restrict access to the GXP Job Service to trusted, internal networks only, using network segmentation and firewall rules to block external access.
2. Monitor network traffic and system logs for unusual activity related to the Job Service, including unexpected executable launches or command patterns.
3. Apply the official patch from BAE Systems as soon as it becomes available; coordinate with vendor support for early access or workarounds.
4. If patching is delayed, consider disabling the Job Service temporarily if operationally feasible to eliminate the attack surface.
5. Implement application whitelisting on hosts running SOCET GXP to prevent unauthorized executables from running.
6. Employ endpoint detection and response (EDR) solutions to detect and respond to suspicious process executions.
7. Conduct regular vulnerability assessments and penetration testing focusing on the Job Service exposure.
8. Educate system administrators about the risks of exposing internal services and the importance of strict access controls.
9. Use host-based firewalls and access control lists to limit which users and processes can interact with the Job Service.
10. Maintain an incident response plan tailored to potential exploitation scenarios involving SOCET GXP.
Affected Countries
United States, United Kingdom, Canada, Australia, Germany, France, Israel, South Korea, Japan, India
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-08-04T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68fa8ab1326f59cb11e62869
Added to database: 10/23/2025, 8:06:09 PM
Last enriched: 2/27/2026, 5:36:02 AM
Last updated: 3/21/2026, 5:04:02 PM