CVE-2025-54968: n/a
An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Service does not require authentication. In some configurations, this may allow remote users to submit jobs, or local users to submit jobs that will execute with the permissions of other users.
AI Analysis
Technical Summary
CVE-2025-54968 is a security vulnerability identified in BAE Systems' SOCET GXP software prior to version 4.6.0.2. SOCET GXP is a geospatial imagery exploitation tool widely used in defense, intelligence, and mapping sectors. The vulnerability arises because the SOCET GXP Job Service component does not enforce authentication. This means that in certain configurations, remote attackers can submit jobs to the service without any credentials, potentially causing unauthorized execution of tasks. Additionally, local users can submit jobs that execute with the permissions of other users, leading to privilege escalation. The Job Service typically handles processing tasks related to imagery analysis, so unauthorized job submissions could manipulate or disrupt critical geospatial data processing workflows. Although no public exploits have been reported, the absence of authentication represents a significant security weakness. The vulnerability's impact depends on the deployment environment and network exposure of the Job Service. Since SOCET GXP is used in sensitive environments, exploitation could compromise confidentiality, integrity, and availability of geospatial intelligence data. No CVSS score has been assigned yet, and no patches are currently linked, indicating the need for immediate attention from users of affected versions.
Potential Impact
For European organizations, especially those in defense, intelligence, and critical infrastructure sectors, this vulnerability poses a serious risk. Unauthorized job submissions could allow attackers to manipulate geospatial data processing, potentially leading to incorrect intelligence outputs or disruption of operational workflows. Privilege escalation through local job submissions could enable attackers to gain elevated access, compromising system integrity and confidentiality. Given SOCET GXP's role in military and governmental geospatial analysis, exploitation could undermine national security operations or critical decision-making processes. The impact extends to any organization relying on SOCET GXP for sensitive imagery analysis, including mapping agencies and security services. The lack of authentication increases the attack surface, particularly if the Job Service is exposed to less secure network segments. While no known exploits exist yet, the vulnerability's nature suggests a high potential for abuse if weaponized. This could lead to data tampering, denial of service, or unauthorized access to sensitive geospatial information.
Mitigation Recommendations
Organizations should take the following steps:
- Immediately review SOCET GXP deployments to identify whether the Job Service is exposed to untrusted networks, and restrict access accordingly using network segmentation and firewall rules.
- Until a patch is available, disable or isolate the Job Service if feasible to prevent unauthorized job submissions.
- Implement strict access controls and monitoring on systems running SOCET GXP to detect anomalous job submissions or privilege escalations.
- Employ host-based intrusion detection systems to alert on suspicious activity related to the Job Service.
- Coordinate with BAE Systems for timely updates and apply patches as soon as they are released.
- Conduct thorough audits of user permissions and ensure that local users do not have unnecessary privileges that could be exploited.
- Consider deploying application-layer authentication proxies or VPNs to enforce authentication around the Job Service.
- Regularly review logs for unauthorized job submissions and investigate any anomalies promptly.
Affected Countries
United Kingdom, Germany, France, Italy, Spain, Netherlands, Belgium, Sweden, Norway, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-08-04T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68ffa364ba6dffc5e202ccd8
Added to database: 10/27/2025, 4:52:52 PM
Last enriched: 10/27/2025, 5:09:27 PM
Last updated: 10/30/2025, 2:45:58 PM