CVE-2025-54966 is a security vulnerability identified in BAE Systems' SOCET GXP software, a geospatial analysis and imagery exploitation tool widely used in defense and intelligence sectors. The flaw exists in the SOCET GXP Job Status Service prior to version 4.6.0.2, where some endpoints may return sensitive information unintentionally. Specifically, these endpoints can leak local file paths and the version information of the SOCET GXP software. Such information disclosure vulnerabilities do not directly allow code execution or privilege escalation but provide attackers with valuable reconnaissance data that can facilitate further attacks, such as identifying software versions for targeted exploits or mapping internal directory structures. The vulnerability does not require authentication or user interaction, which means it could be exploited remotely if the service endpoints are exposed or accessible within an organization's network. No CVSS score has been assigned yet, and no public exploits have been reported. However, the exposure of internal paths and version details can aid attackers in crafting more effective attacks or social engineering campaigns. The absence of patches at the time of reporting indicates that organizations must rely on compensating controls until updates are released. Given the critical role of SOCET GXP in processing sensitive geospatial intelligence, this vulnerability poses a risk to confidentiality and potentially to operational security if exploited.

For European organizations, especially those involved in defense, aerospace, intelligence, and geospatial analysis, this vulnerability could lead to unauthorized disclosure of sensitive operational details. The leakage of local file paths and software version information can assist threat actors in mapping the internal environment and identifying exploitable software versions, increasing the risk of targeted attacks. While this vulnerability does not directly compromise data integrity or availability, the information disclosed could be leveraged to facilitate more severe attacks, including lateral movement or privilege escalation within networks. European defense contractors and government agencies using SOCET GXP are particularly at risk, as the software is integral to mission-critical geospatial intelligence workflows. The exposure could undermine operational security and confidentiality, potentially impacting national security interests. Additionally, organizations subject to strict data protection regulations like GDPR must consider the implications of any sensitive data leakage and ensure appropriate incident response measures.

1. Monitor for updates and patches from BAE Systems and apply them promptly once available to remediate the vulnerability. 2. Restrict network access to the SOCET GXP Job Status Service endpoints using network segmentation, firewalls, and access control lists to limit exposure only to authorized personnel and systems. 3. Implement strict authentication and authorization controls around SOCET GXP services to prevent unauthorized access. 4. Conduct regular security audits and penetration testing focused on SOCET GXP deployments to identify and remediate any additional information disclosure or security weaknesses. 5. Employ network monitoring and anomaly detection to identify unusual access patterns or reconnaissance attempts targeting SOCET GXP services. 6. Educate system administrators and users about the risks of information disclosure and the importance of safeguarding geospatial intelligence data. 7. Consider disabling or isolating the Job Status Service endpoints if they are not essential to operational workflows until a patch is available. 8. Maintain comprehensive logging and incident response plans tailored to SOCET GXP environments to quickly respond to any exploitation attempts.