CVE-2025-54970 is a security vulnerability identified in BAE Systems' SOCET GXP software prior to version 4.6.0.2. The issue lies in the SOCET GXP Job Status Service, which fails to authenticate incoming requests properly. This authentication failure means that unauthorized users, either remotely or locally, can interact with the service to abort ongoing jobs or read job-related information without possessing the permissions of the legitimate job owner. SOCET GXP is a geospatial analysis and imagery exploitation tool widely used in defense, intelligence, and mapping sectors. The vulnerability could allow attackers to disrupt critical geospatial processing tasks or gain access to sensitive operational data. The lack of authentication enforcement increases the attack surface, as no credentials are required to exploit the flaw. Although no public exploits have been reported, the vulnerability's presence in a critical system component poses a significant risk. The absence of a CVSS score necessitates an assessment based on the impact on confidentiality, integrity, and availability, the ease of exploitation, and the scope of affected systems. The vulnerability affects all installations of SOCET GXP before 4.6.0.2, but specific affected versions are not detailed. The Job Status Service is likely network-accessible in some configurations, which could allow remote exploitation. The flaw could lead to unauthorized job termination, causing denial of service, and unauthorized data disclosure, impacting confidentiality and availability of geospatial data processing.

For European organizations, particularly those involved in defense, intelligence, and geospatial analysis, this vulnerability poses a significant risk. Unauthorized job abortion could disrupt critical workflows, delaying mission-critical geospatial data processing and analysis. The ability to read job information without proper permissions could lead to leakage of sensitive or classified information, undermining operational security and strategic advantages. The impact extends to national security agencies, defense contractors, and governmental mapping agencies that rely on SOCET GXP for imagery exploitation and geospatial intelligence. Disruption or data leakage could affect decision-making processes and compromise sensitive operations. Additionally, the vulnerability could be leveraged by threat actors to conduct espionage or sabotage activities. Given the strategic importance of geospatial intelligence in Europe, the vulnerability could have broader geopolitical implications if exploited by state-sponsored actors or cybercriminal groups targeting European defense infrastructure.

Organizations should prioritize upgrading SOCET GXP to version 4.6.0.2 or later once patches are available from BAE Systems. Until patches are released, network administrators should restrict access to the Job Status Service to trusted hosts only, using network segmentation and firewall rules to limit exposure. Implement strict access controls and monitor logs for unusual job abort requests or unauthorized access attempts. Employ intrusion detection systems to alert on anomalous activity related to the Job Status Service. Conduct regular audits of job processing activities to detect potential abuse. If possible, disable or isolate the Job Status Service in environments where it is not essential. Coordinate with BAE Systems support for guidance on interim mitigations and monitor for updates or advisories. Train operational staff to recognize signs of exploitation and establish incident response plans tailored to geospatial processing disruptions. Consider encrypting sensitive job data and applying role-based access controls within SOCET GXP to minimize data exposure.