GCVE - cpe:2.3:a:crestron:automate_vx:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:crestron:automate_vx:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Crestron (`c3f889c7-b88c-556e-9a5e-f70525099cf1`)
Product	Automate Vx (`911e1acb-d4ad-59df-a2ae-a554ab18c02c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-47420`	vulnerable	2026-06-03 15:01:32.692298	User Permissions on Network API 266 vulnerability in Crestron Automate VX allows Privilege Escalation.This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49. Published: 2025-05-06T21:33:39.188Z Updated: 2025-05-07T14:03:50.793Z Open on db.gcve.eu Reference links https://security.crestron.com/ https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8 https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-47419`	vulnerable	2026-06-03 15:01:32.692002	Non-Secure Access Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49. Published: 2025-05-06T20:52:44.604Z Updated: 2025-05-07T14:03:57.638Z Open on db.gcve.eu Reference links https://security.crestron.com/ https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8 https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-47418`	vulnerable	2026-06-03 15:01:32.691592	Recording Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. There is no visible indication when the system is recording and recording can be enabled remotely via a network API. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49. Published: 2025-05-06T20:13:38.805Z Updated: 2025-05-07T14:04:11.178Z Open on db.gcve.eu Reference links https://security.crestron.com/ https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8 https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-47417`	vulnerable	2026-06-03 15:01:32.691166	Enable Debug Images Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. When Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible indication that this is being done. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49. Published: 2025-05-06T19:49:09.288Z Updated: 2025-05-08T18:35:06.098Z Open on db.gcve.eu Reference links https://security.crestron.com https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8 https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.