← back
CVE-2025-47418

Recording

CVSS 5.3 MEDIUMEPSS 0.3%CWE-200
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. There is no visible indication when the system is recording and recording can be enabled remotely via a network API. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
Crestron · Automate VX

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://security.crestron.com/https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdfhttps://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8