CVE-2025-66398 is an OS command injection vulnerability classified under CWE-78 and CWE-913 affecting the SignalK signalk-server, a server application typically deployed on central hubs in boats to manage maritime data. The vulnerability exists in versions prior to 2.19.0 and allows an unauthenticated attacker to interact with the /skServer/validateBackup endpoint to manipulate the internal state variable restoreFilePath. By polluting this state, the attacker can hijack the administrator’s restore functionality, causing critical server configuration files such as security.json and package.json to be overwritten. This manipulation can lead to account takeover by altering security configurations and ultimately enables remote code execution (RCE) on the server. The attack vector requires no privileges (PR:N) and no authentication, but user interaction (UI:R) is necessary to trigger the restore process. The vulnerability affects confidentiality, integrity, and availability severely, as indicated by its CVSS 3.1 score of 9.7. Although no known exploits are reported in the wild yet, the critical nature and ease of exploitation make it a high-risk threat. The vulnerability was publicly disclosed and patched in version 2.19.0 of the signalk-server.

For European organizations, especially those involved in maritime operations, this vulnerability poses a significant risk. SignalK servers are commonly used in marine environments to aggregate and distribute navigational and operational data. Exploitation could lead to unauthorized access to sensitive vessel data, manipulation of navigation or security configurations, and full system compromise via remote code execution. This could disrupt vessel operations, compromise crew safety, and lead to data breaches or sabotage. The impact extends to port authorities, maritime logistics companies, and any European entity relying on SignalK infrastructure for critical maritime functions. Given the criticality of maritime transport in Europe’s economy and security, exploitation could have cascading effects on supply chains and national security interests.

The primary mitigation is to upgrade all affected SignalK signalk-server instances to version 2.19.0 or later, where the vulnerability is patched. Network segmentation should be enforced to restrict access to the /skServer/validateBackup endpoint, ideally limiting it to trusted administrative networks or VPNs. Implement strict monitoring and alerting for unusual restore operations or unexpected changes to configuration files such as security.json and package.json. Employ application-layer firewalls or intrusion detection systems capable of detecting anomalous requests targeting the vulnerable endpoint. Additionally, enforce strong access controls and multi-factor authentication on administrative interfaces to reduce the risk of privilege escalation. Regularly audit server configurations and logs for signs of compromise. Finally, educate maritime IT staff about the risks and signs of exploitation related to this vulnerability.