CVE-2025-54970 is a vulnerability identified in BAE Systems' SOCET GXP software, a geospatial analysis tool widely used in defense and intelligence sectors. The flaw exists in the Job Status Service component prior to version 4.6.0.2, where it fails to authenticate requests properly. This improper authentication allows users with limited privileges—either local or remote—to perform unauthorized actions such as aborting active jobs or reading job information that they do not own. The vulnerability is classified under CWE-284 (Improper Access Control), indicating a failure to enforce correct permission checks. The CVSS v3.1 base score is 6.5 (medium severity), with an attack vector of network (AV:N), low attack complexity (AC:L), requiring privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), and no impact on integrity or availability (I:N/A:N). Although no public exploits are currently known, the vulnerability poses a risk of sensitive data exposure and operational disruption within affected environments. The lack of authentication on the Job Status Service could be exploited by insiders or attackers who have gained limited access to the network, enabling them to interfere with job processing or extract sensitive information. No patches were available at the time of disclosure, emphasizing the need for interim mitigations.

For European organizations, particularly those in defense, intelligence, and geospatial analysis, this vulnerability could lead to unauthorized disclosure of sensitive operational data, undermining confidentiality. The ability to abort jobs without proper authorization could disrupt critical workflows, potentially delaying mission-critical analyses or decisions. Although the vulnerability does not directly impact data integrity or system availability, the exposure of sensitive job information could facilitate further attacks or intelligence gathering by adversaries. Given the strategic importance of geospatial intelligence in European security contexts, exploitation could have national security implications. Organizations relying on SOCET GXP in countries with advanced defense sectors or active intelligence operations are at heightened risk. The requirement for limited privileges means that insider threats or attackers who have breached perimeter defenses could exploit this vulnerability, increasing the threat landscape. The absence of known exploits reduces immediate risk but does not eliminate the potential for future attacks.

1. Apply official patches from BAE Systems as soon as they become available to address the authentication flaw in the Job Status Service. 2. Until patches are released, restrict network access to the Job Status Service using firewalls and network segmentation, limiting exposure to trusted users and systems only. 3. Implement strict access controls and monitoring on SOCET GXP environments to detect unauthorized job abort attempts or unusual access patterns. 4. Enforce the principle of least privilege for all users interacting with SOCET GXP, minimizing the number of users with any level of privilege that could be leveraged. 5. Conduct regular audits of job status logs and access records to identify potential misuse or exploitation attempts. 6. Employ intrusion detection systems (IDS) tuned to detect anomalous activity related to job management services. 7. Educate users and administrators about the risks associated with this vulnerability and encourage prompt reporting of suspicious behavior. 8. Consider isolating SOCET GXP systems from general corporate networks to reduce the attack surface.