How to fix CVE-2025-68273?

Within 30 days: Identify affected systems running a boat. An unauthenticated information disclosure vulnerabil and apply vendor patches as part of regular patch cycle. Review data exposure and access controls.

Is Signal K Server affected by CVE-2025-68273?

Organizations using a boat. An unauthenticated information disclosure vulnerability in should be aware of moderate risk from CVE-2025-68273, a information exposure vulnerability rated CVSS 5.3. Sensitive information could be exposed to unauthorized parties.

CVE-2025-68273

MEDIUM

2026-01-01 [email protected]

GHSA-fpf5-w967-rr2m

5.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Jan 06, 2026 - 17:58 vuln.today

Public exploit code

CVE Published

Jan 01, 2026 - 19:15 nvd

MEDIUM 5.3

Description

Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and installed analyzer tools. This exposure facilitates reconnaissance for further attacks. Version 2.19.0 patches the issue.

Analysis

Signal K Server is a server application that runs on a central hub in a boat. [CVSS 5.3 MEDIUM]

Technical Context

Classified as CWE-200 (Information Exposure). Affects Signal K Server. Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and installed analyzer tools. This exposure facilitates reconnaissance for further attacks. Version 2.19.0 patches the issue.

Affected Products

Vendor: Signalk. Product: Signal K Server. Versions: up to 2.19.0.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +26

POC: +20

CVE-2025-68273 vulnerability details – vuln.today

Back

CVE-2025-68273

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-68273

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code