CVE-2025-68273

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-68273
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68273.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-68273
Aliases
Published
2026-01-01T18:21:51.678Z
Modified
2026-01-08T06:45:27.735535Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints
Details

Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and installed analyzer tools. This exposure facilitates reconnaissance for further attacks. Version 2.19.0 patches the issue.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68273.json",
    "cwe_ids": [
        "CWE-200"
    ]
}
References

Affected packages

Git / github.com/signalk/signalk-server

Affected ranges

Type
GIT
Repo
https://github.com/signalk/signalk-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
3037c517bb8de70c4b74b61192c57d6176731571

Affected versions

0.*

0.1.1
0.1.10
0.1.11
0.1.12
0.1.13
0.1.18
0.1.19
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9

Other

latest

v0.*

v0.1.24
v0.1.26
v0.1.27
v0.1.28
v0.1.29
v0.1.30
v0.1.33

v1.*

v1.0.0
v1.0.0-0
v1.0.0-1
v1.0.0-2
v1.0.0-3
v1.0.0-4
v1.1.0
v1.1.1
v1.1.2
v1.10.0
v1.10.1
v1.10.2
v1.12.0
v1.13.0
v1.13.1
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.19.0
v1.19.0-beta.2
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.20.0
v1.21.0
v1.22.0
v1.23.0
v1.24.0
v1.25.0
v1.26.0
v1.27.0
v1.27.1
v1.28.0
v1.29.0
v1.3.0
v1.30.0
v1.31.0
v1.32.0
v1.32.0-beta.1
v1.32.0-beta.2
v1.32.0-beta.3
v1.33.0
v1.33.0-beta.1
v1.34.0
v1.35.0
v1.35.1
v1.35.2
v1.36.0
v1.36.0-beta.1
v1.36.0-beta.2
v1.36.0-beta.3
v1.37.0
v1.37.0-beta.1
v1.37.0-beta.3
v1.37.1
v1.37.2
v1.37.3
v1.37.4
v1.37.5
v1.37.6
v1.38.0
v1.38.1
v1.39.0
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.40.0
v1.41.0
v1.41.0-beta.1
v1.41.0-beta.2
v1.41.0-beta.3
v1.41.0-beta.4
v1.41.1
v1.41.2
v1.41.3
v1.42.0
v1.43.0
v1.44.0
v1.45.0
v1.46.0
v1.46.1
v1.46.2
v1.46.3
v1.5.0
v1.6.0
v1.7.0
v1.7.1
v1.8.0
v1.9.0
v1.9.1

v2.*

v2.0.0
v2.0.0-beta.10
v2.0.0-beta.11
v2.0.0-beta.12
v2.0.0-beta.2
v2.0.0-beta.3
v2.0.0-beta.4
v2.0.0-beta.5
v2.0.0-beta.6
v2.0.0-beta.7
v2.0.0-beta.8
v2.0.0-beta.9
v2.1.0
v2.1.1
v2.10.0
v2.11.0
v2.12.0
v2.13.0
v2.13.0-beta.0
v2.13.0-beta.1
v2.13.0-beta.2
v2.13.0-beta.3
v2.13.1
v2.13.2
v2.13.3
v2.13.4
v2.13.5
v2.14.0
v2.14.0-beta.0
v2.14.0-beta.1
v2.14.1
v2.14.2
v2.14.3
v2.14.4
v2.15.0
v2.15.0-beta.5
v2.15.0-beta.6
v2.15.1
v2.15.2
v2.15.3
v2.16.0
v2.17.0
v2.17.1
v2.17.2
v2.18.0
v2.19.0-beta.1
v2.19.0-beta.2
v2.19.0-beta.3
v2.19.0-beta.4
v2.19.0-beta.5
v2.2.0
v2.3.0
v2.3.1
v2.4.1
v2.5.0
v2.6.0
v2.6.1
v2.6.2
v2.7.0
v2.7.1
v2.7.2
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.9.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68273.json"