The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords.
This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
Solution
Crestron recommends updating to firmware version 6.4.1.8 or higher. This firmware version disables the use of non-secure ports for the Web UI and API.
Workaround
Protect the device at the physical or network layer using an external firewall to prevent unauthorized configuration.
Sun, 13 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | epss | epss |
Wed, 07 May 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Tue, 06 May 2025 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49. | |
Title | Non-Secure Access | |
Weaknesses | CWE-319 | |
References | | |
Metrics | cvssV4_0 |

Status: PUBLISHED
Assigner: Crestron
Published:
Updated: 2025-05-07T14:03:57.638Z
Reserved: 2025-05-06T19:36:18.441Z
Link: CVE-2025-47419

Updated: 2025-05-07T13:47:57.410Z

Status : Awaiting Analysis
Published: 2025-05-06T21:16:20.867
Modified: 2025-05-07T14:13:20.483
Link: CVE-2025-47419
