
CVE-2025-54969: n/a

Severity: Medium
Published: Mon Oct 27 2025 (10/27/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protections. An attacker who social engineers a valid user into clicking a malicious link or visiting a malicious website may be able to submit requests to the Job Status Service without the user's knowledge.

AI-Powered Analysis

Last updated: 10/27/2025, 17:09:14 UTC

Technical Analysis

CVE-2025-54969 identifies a security vulnerability in BAE Systems' SOCET GXP software, specifically versions before 4.6.0.2. The issue lies in the Job Status Service component, which does not implement protections against Cross-Site Request Forgery (CSRF). CSRF lets an attacker cause an authenticated user's browser to submit requests to a web service that the user never intended to make. In this case, an attacker can craft a malicious link or webpage that, when visited or clicked by a legitimate SOCET GXP user, causes the Job Status Service to process unintended commands or queries. This can lead to unauthorized manipulation of job statuses within the software environment. The attack requires social engineering to convince a valid user to interact with malicious content, but it does not require the attacker to bypass authentication mechanisms directly, because the victim's browser supplies the user's existing session. No public exploits have been reported yet, and no CVSS score has been assigned. The vulnerability affects confidentiality and integrity by enabling unauthorized actions that could alter job processing states or leak sensitive operational information. SOCET GXP is widely used in geospatial intelligence and defense sectors, where job status integrity is critical. The lack of CSRF protection represents a significant security oversight that could be exploited to disrupt workflows or gain indirect access to sensitive data. Remediation involves upgrading to version 4.6.0.2 or later, where CSRF protections are implemented, or applying compensating controls such as web application firewalls and user training to reduce social engineering risks.

Potential Impact

For European organizations, especially those in defense, intelligence, and geospatial analysis that utilize BAE SOCET GXP, this vulnerability poses a risk of unauthorized manipulation of job status operations. Such manipulation could disrupt critical workflows, degrade operational integrity, and potentially expose sensitive project information. The confidentiality impact arises if job status data includes sensitive metadata or operational details. Integrity is impacted as attackers may alter job statuses without authorization, leading to incorrect or misleading outputs. Availability impact is limited but possible if job status manipulation causes workflow failures or delays. Since exploitation requires user interaction via social engineering, the risk is somewhat mitigated by user awareness but remains significant in targeted attacks. European defense contractors and government agencies relying on SOCET GXP for mission-critical geospatial intelligence are particularly vulnerable. Disruption or data manipulation in these contexts could have strategic consequences. The lack of known exploits currently reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time.

Mitigation Recommendations

1. Apply official patches or upgrade SOCET GXP to version 4.6.0.2 or later once available to ensure CSRF protections are implemented.
2. If patches are not yet available, deploy web application firewalls (WAFs) with rules to detect and block CSRF attack patterns targeting the Job Status Service endpoints.
3. Implement strict Content Security Policy (CSP) headers and SameSite cookie attributes to reduce the CSRF attack surface.
4. Conduct targeted user awareness training emphasizing the risks of social engineering and the importance of not clicking suspicious links or visiting untrusted websites.
5. Restrict access to the Job Status Service to trusted networks or VPNs to limit exposure to external attackers.
6. Monitor logs for unusual or unauthorized job status requests that may indicate exploitation attempts.
7. Employ multi-factor authentication (MFA) for SOCET GXP user accounts to reduce risk from compromised credentials, although MFA does not prevent CSRF directly.
8. Coordinate with BAE Systems support for guidance and early access to patches or mitigations.
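As an added example (not code from BAE Systems or from this advisory), a minimal Python request handler showing the server-side controls item 3 points at: a SameSite=Strict session cookie, an Origin/Referer check that fails closed, and a per-session CSRF token compared in constant time. The service origin, the handler name and the request shapes are assumptions; the real Job Status Service interface is not described on this page.

```python
import hmac
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlparse

# Hypothetical origin for the service; the real SOCET GXP hostname is not on the advisory page.
SERVICE_ORIGIN = "https://jobstatus.example.internal"

def issue_session(store):
    """Create a session whose CSRF token is kept server-side; return (session id, Set-Cookie value)."""
    sid = secrets.token_urlsafe(32)
    store[sid] = {"csrf": secrets.token_urlsafe(32)}
    # SameSite=Strict tells the browser never to attach this cookie to a cross-site request.
    return sid, f"session={sid}; Secure; HttpOnly; SameSite=Strict; Path=/"

def origin_allowed(headers):
    """Accept only requests whose Origin (or, failing that, Referer) is our own origin; fail closed."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlparse(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == SERVICE_ORIGIN

def handle_job_update(headers, body, store):
    """State-changing handler: needs a session, a same-origin request and a matching CSRF token."""
    cookies = SimpleCookie(headers.get("Cookie", ""))
    sid = cookies["session"].value if "session" in cookies else None
    session = store.get(sid)
    if session is None:
        return 401, "no session"
    if not origin_allowed(headers):
        return 403, "cross-site origin rejected"
    # Constant-time compare of the token the service's own form embedded against the session copy.
    if not hmac.compare_digest(body.get("csrf_token", ""), session["csrf"]):
        return 403, "missing or invalid CSRF token"
    return 200, f"job {body.get('job_id')} set to {body.get('status')}"

def demo():
    store = {}
    sid, _set_cookie = issue_session(store)
    headers = {"Cookie": f"session={sid}", "Origin": SERVICE_ORIGIN}
    ok = handle_job_update(headers, {"job_id": "42", "status": "cancelled",
                                     "csrf_token": store[sid]["csrf"]}, store)
    # Forgery: cookie attached as if SameSite were unsupported; the attacker's page can neither read the token nor spoof Origin.
    forged = handle_job_update({**headers, "Origin": "https://attacker.example"},
                               {"job_id": "42", "status": "cancelled"}, store)
    return ok[0], forged[0]  # (200, 403)
```

demo() runs a constructed legitimate same-origin update followed by a constructed cross-site forgery; the layered checks mean the forgery is rejected even in a browser that ignores SameSite.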


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-08-04T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 68ffa364ba6dffc5e202ccdc

Added to database: 10/27/2025, 4:52:52 PM

Last enriched: 10/27/2025, 5:09:14 PM

Last updated: 10/30/2025, 9:09:38 AM

