What is the CVSS score of CVE-2025-68273?

CVE-2025-68273 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Signal K Server are affected by CVE-2025-68273?

Organizations using a boat. An unauthenticated information disclosure vulnerability in should be aware of moderate risk from CVE-2025-68273, a information exposure vulnerability rated CVSS 5.3.. A patch is available.

Is there a public PoC exploit available for CVE-2025-68273?

Yes, a public proof-of-concept exploit is available for CVE-2025-68273. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-68273?

Within 30 days: Identify affected systems running a boat. An unauthenticated information disclosure vulnerabil and apply vendor patches as part of regular patch cycle. Review data exposure and access controls.

Signal K Server CVE-2025-68273

MEDIUM

Information Exposure (CWE-200)

2026-01-01 security-advisories@github.com

GHSA-fpf5-w967-rr2m

Information Disclosure Signal K Server

5.3

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

5.3 MEDIUM

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Jan 06, 2026 - 17:58 vuln.today

Public exploit code

CVE Published

Jan 01, 2026 - 19:15 nvd

MEDIUM 5.3

DescriptionGitHub Advisory

Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and installed analyzer tools. This exposure facilitates reconnaissance for further attacks. Version 2.19.0 patches the issue.

AnalysisAI

Signal K Server is a server application that runs on a central hub in a boat. [CVSS 5.3 MEDIUM]

Technical ContextAI

Classified as CWE-200 (Information Exposure). Affects Signal K Server. Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and installed analyzer tools. This exposure facilitates reconnaissance for further attacks. Version 2.19.0 patches the issue.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-68273 vulnerability details – vuln.today

Back

Signal K Server CVE-2025-68273

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code