Home > Vulnerability Database > CVE-2025-68273

Mend.io Vulnerability Database

CVE-2025-68273

Good to know:

Date: January 1, 2026

Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and installed analyzer tools. This exposure facilitates reconnaissance for further attacks. Version 2.19.0 patches the issue.

Severity Score

5.3

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-68273

Url: https://github.com/SignalK/signalk-server/commit/ead2a03d8994969cafcca0320abee16f0e66e7a9

Url: https://github.com/SignalK/signalk-server/security/advisories/GHSA-fpf5-w967-rr2m

Url: https://github.com/SignalK/signalk-server

Url: https://github.com/SignalK/signalk-server/releases/tag/v2.19.0

Url: https://www.mend.io/vulnerability-database/CVE-2025-68273

Severity Score

5.3

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version signalk-server - 2.19.0;https://github.com/SignalK/signalk-server.git - v2.19.0-beta.5

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-68273

Good to know:

Date: January 1, 2026

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?