Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-47419

Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.

Published

2025-05-06T21:16:20.867

Last Modified

2025-05-07T14:13:20.483

Status

Awaiting Analysis

Source

25b0b659-c4b4-483f-aecb-067757d23ef3

Severity

Weaknesses

Type: Secondary
CWE-319

Affected Vendors & Products

References

https://security.crestron.com/ (25b0b659-c4b4-483f-aecb-067757d23ef3)
https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8 (25b0b659-c4b4-483f-aecb-067757d23ef3)
https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf (25b0b659-c4b4-483f-aecb-067757d23ef3)