Crestron Automate VX Exposure of Sensitive Information Vulnerability Allowing Functionality Misuse

Vulnerability

A vulnerability in Crestron Automate VX, versions 5.6.8161.21536 through 6.4.0.49, allows for the unauthorized exposure of sensitive information and misuse of functionality. The issue arises because there is no visible indication when the system is recording, and recording can be enabled remotely via a network API.

Impact

Exploitation of this vulnerability could lead to unauthorized recording without the knowledge of the user or administrator.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Crestron Automate VX Exposure of Sensitive Information Vulnerability Allowing Functionality Misuse

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating