QwikSec

Security Database

CVE

CWE

Training

CVE-2025-47419

Published: May 6, 2025

Modified: May 7, 2025

PUBLISHED

Description

Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.

Vendor	Product	Versions
Crestron	Automate VX	affected `5.6.8161.21536 - <= 6.4.0.49`

Weaknesses (CWE)

References

https://security.crestron.com/

vendor-advisory

https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8

patch

https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf

release-notes

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.