CVE-2025-13819: Open redirect

Last modified: 01 Dec 2025

Note

This Security Advisory is based on a thorough investigation and all findings that were available at the time of publication. Should new information become available, it is possible that the initial assessment changes and the Security Advisory will be updated.

Summary

MiR robot and fleet software versions prior to version 3.7.0 are affected by an open redirect vulnerability. The web server accepts user-controlled input and uses it to redirect users to external sites without proper validation. This flaw enables crafting URLs that appear legitimate but redirect users to attacker-controlled sites, facilitating phishing and credential theft.
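
The validation the summary describes as missing, shown as an added Python example that is not MiR's code: a handler that reflects a client-supplied `next` parameter (parameter name assumed) beside one that only ever redirects to an absolute path on the same site.

```python
"""Redirect-target validation for a 'next'-style parameter.

Hypothetical example added to this advisory; it is not MiR's code and
the parameter name is an assumption. It contrasts a handler that
reflects the client-supplied target with one that only accepts
same-site paths, which is the validation the Summary says is missing.
"""
from urllib.parse import urlsplit, urlunsplit

DEFAULT_TARGET = "/"


def redirect_target_unsafe(next_param: str) -> str:
    """Weak pattern: the supplied value becomes the Location header."""
    return next_param or DEFAULT_TARGET


def redirect_target_safe(next_param: str, default: str = DEFAULT_TARGET) -> str:
    """Return an absolute same-site path, or the default for anything else."""
    if not next_param:
        return default
    # Browsers strip leading/trailing whitespace and drop tabs and newlines
    # anywhere in a URL, so normalise the same way before inspecting it.
    candidate = next_param.strip()
    for ch in "\t\r\n":
        candidate = candidate.replace(ch, "")
    # Browsers treat backslashes as slashes in http(s) URLs.
    candidate = candidate.replace("\\", "/")
    # "//host" and "///host" both resolve to an external host in browsers,
    # so refuse anything that starts with two slashes up front.
    if candidate.startswith("//"):
        return default
    parts = urlsplit(candidate)
    # Any scheme (https:, javascript:, data:) or authority means "not here".
    if parts.scheme or parts.netloc:
        return default
    # Only absolute paths on this site are acceptable.
    if not parts.path.startswith("/"):
        return default
    # Remaining control characters could corrupt the response header.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
        return default
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))
```

The safe variant falls back to the default target rather than trying to "fix" a rejected value, so a rejected parameter cannot be partially honoured.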

CVSS 3.1 Base Score: 6.1 (Medium)

CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

Product         Affected software versions
MiR Robots      < 3.7.0
MiR Fleet       < 3.7.0

Attribution

This vulnerability was discovered and reported by Lockheed Martin Red Team.

References

  1. NIST NVD entry: CVE-2025-13819

  2. MiR Cybersecurity Guide: https://supportportal.mobile-industrial-robots.com/documentation/mircybersecurity-guide/mir-cybersecurity-guide/

Recommended Actions

  1. Upgrade to software version 3.7.0 or newer

Compensating Controls

If you cannot immediately update to the recommended version, we recommend the following compensating measures:

  1. Operate the MiR system in a segmented and secured network with strict firewall rules

  2. Secure user accounts on the MiR system as recommended in the MiR Cybersecurity Guide

Revision history

Date                Description
December 1, 2025    Initial Advisory publication