
CVE-2025-54966: n/a

Severity: Medium
Published: Thu Oct 23 2025 (10/23/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered in BAE SOCET GXP before 4.6.0.2. Some endpoints on the SOCET GXP Job Status Service may return sensitive information in certain situations, including local file paths and SOCET GXP version information.

AI-Powered Analysis

Last updated: 10/31/2025, 06:52:32 UTC

Technical Analysis

CVE-2025-54966 is an information disclosure vulnerability identified in BAE Systems' SOCET GXP software, a geospatial intelligence and imagery analysis tool widely used in defense and intelligence sectors. The vulnerability affects versions prior to 4.6.0.2 and resides in the SOCET GXP Job Status Service. Specifically, some endpoints of this service may return sensitive information under certain conditions, including local file system paths and the exact version of the SOCET GXP software in use. This leakage is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). Exploitation requires network access (AV:N) and low privileges (PR:L) but no user interaction (UI:N). The scope is unchanged (S:U), meaning the impact is limited to the vulnerable component. The CVSS v3.1 base score is 4.3, indicating medium severity, because the only impact is on confidentiality; integrity and availability are not affected. Although no public exploits are known, the disclosure of internal paths and version information can help attackers craft targeted attacks or identify further vulnerabilities. The absence of patches at the time of reporting necessitates interim mitigations. Given SOCET GXP's role in sensitive geospatial analysis, unauthorized disclosure of environment details could have operational security implications.

Potential Impact

For European organizations, especially those in defense, intelligence, and geospatial analysis, this vulnerability poses a risk of sensitive information leakage that could aid adversaries in reconnaissance and subsequent exploitation attempts. Disclosure of local file paths may reveal system architecture, deployment configurations, or sensitive project directories, potentially exposing operational details. Version information disclosure can assist attackers in identifying unpatched systems or known vulnerabilities specific to that version. While the vulnerability does not directly compromise data integrity or system availability, the confidentiality breach could undermine operational security and strategic advantage. Organizations handling classified or sensitive geospatial data could face increased risk of targeted cyber espionage or intrusion attempts. The impact is more pronounced in environments where SOCET GXP is integrated with other critical systems or where network segmentation is insufficient.

Mitigation Recommendations

1. Restrict network access to the SOCET GXP Job Status Service endpoints by implementing strict firewall rules and network segmentation, allowing only trusted hosts and administrators to communicate with the service.
2. Monitor network traffic and logs for unusual or unauthorized queries to the Job Status Service endpoints to detect reconnaissance activities early.
3. Apply the official patch or upgrade to SOCET GXP version 4.6.0.2 or later as soon as it becomes available to remediate the vulnerability.
4. Conduct regular security assessments and penetration tests focusing on SOCET GXP deployments to identify any residual information leakage or misconfigurations.
5. Implement strict access controls and least privilege principles for users interacting with SOCET GXP services to minimize exposure.
6. Educate system administrators and security teams about this vulnerability and the importance of safeguarding geospatial intelligence systems.
7. If patching is delayed, consider deploying web application firewalls (WAFs) or reverse proxies that can filter or block sensitive information in responses from the affected endpoints.


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-08-04T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68fa8ab1326f59cb11e6286d

Added to database: 10/23/2025, 8:06:09 PM

Last enriched: 10/31/2025, 6:52:32 AM

Last updated: 12/4/2025, 6:53:22 AM
