CVE-2025-54968 is a vulnerability identified in BAE Systems' SOCET GXP software prior to version 4.6.0.2. SOCET GXP is a geospatial analysis and imagery exploitation tool widely used in defense and intelligence sectors. The vulnerability arises because the SOCET GXP Job Service does not enforce authentication, allowing unauthorized users to submit jobs remotely or locally. In some configurations, these jobs execute with the permissions of other users, potentially including privileged accounts. This lack of authentication (CWE-284) means an attacker with network access can submit arbitrary jobs, leading to unauthorized code execution, data manipulation, or service disruption. The CVSS 3.1 base score of 8.8 reflects the network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no public exploits are known yet, the vulnerability's characteristics make it a critical risk for organizations relying on SOCET GXP for sensitive geospatial data processing. The issue underscores the importance of proper authentication mechanisms in job submission services to prevent privilege escalation and unauthorized access.

For European organizations, especially those in defense, intelligence, and critical infrastructure sectors, this vulnerability poses a significant risk. SOCET GXP is used for geospatial intelligence and imagery analysis, often involving sensitive or classified data. Exploitation could lead to unauthorized access to sensitive geospatial data, manipulation or destruction of critical intelligence, and disruption of operational workflows. The ability to execute jobs with other users' permissions could allow attackers to escalate privileges, move laterally within networks, and potentially compromise entire systems. This could undermine national security operations, intelligence gathering, and critical decision-making processes. Additionally, the disruption or manipulation of geospatial data could impact emergency response, border security, and infrastructure management. The lack of authentication increases the attack surface, making remote exploitation feasible without user interaction, thus raising the urgency for mitigation in European contexts where SOCET GXP is deployed.

1. Upgrade SOCET GXP to version 4.6.0.2 or later where the authentication issue is resolved. 2. Restrict network access to the SOCET GXP Job Service by implementing network segmentation and firewall rules to limit access only to trusted hosts and users. 3. Implement strict access control policies and monitor job submissions for unusual activity or unauthorized access attempts. 4. Employ intrusion detection and prevention systems (IDS/IPS) to detect anomalous job submission patterns. 5. Conduct regular audits of user permissions and job execution logs to identify potential misuse. 6. Where possible, isolate SOCET GXP environments handling sensitive data from general corporate networks to reduce exposure. 7. Educate system administrators and users about the risks of unauthenticated job submissions and enforce strong operational security practices. 8. Develop incident response plans specifically addressing potential exploitation of this vulnerability to ensure rapid containment and remediation.