MSA-17: Information Disclosure
Last modified: 24 Sept 2025
Note
This Security Advisory is based on a thorough investigation and on all findings available at the time of publication. Should new information become available, the initial assessment may change and the Security Advisory will be updated.
Summary
MiR software versions prior to version 3.0.0 are affected by an information disclosure vulnerability. An unauthenticated attacker can view error pages that include unnecessarily detailed error information, such as file paths and other data. Such verbose information could ease future exploitation attempts by attackers.
CVSS 3.1 Base Score: 5.3 (Medium)
CVSS:3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
Product       Affected software versions
MiR Robots    < 3.0.0
MiR Fleet     < 3.0.0
Attribution
This vulnerability was discovered and reported by Lockheed Martin Red Team.
References
NIST NVD entry: CVE-2025-9229
MiR Cybersecurity Guide: https://supportportal.mobile-industrial-robots.com/documentation/mircybersecurity-guide/mir-cybersecurity-guide/
Recommended Actions
Update to the newest software version, at least version 3.0.0
Compensating Controls
If you cannot immediately update to the recommended version, we recommend the following compensating measures:
Operate the MiR system in a segmented and secured network with strict firewall rules
Secure user accounts on the MiR system as recommended in the MiR Cybersecurity Guide
Revision history
Date                  Description
September 24, 2025    Revised as part of a webpage update
March 26, 2024        Initial Advisory publication