CVE-2025-69203

Mutiny on the Bridge: The Signal K Deception (CVE-2025-69203)

Amit Schendel
Senior Security Researcher

Jan 2, 2026 · 6 min read

Executive Summary (TL;DR)

Signal K Server < 2.19.0 contains a 'Social Engineering Helper Kit' vulnerability. By blindly trusting `X-Forwarded-For` headers and hiding actual permission levels in the Admin UI, it allows attackers to masquerade as local, harmless devices (like a depth sensor) while secretly requesting—and receiving—full Admin access from an unsuspecting captain.

A sophisticated social engineering vulnerability in Signal K Server allowing attackers to spoof trusted IPs, mask administrative permission requests behind benign descriptions, and leverage information leaks to trick administrators into granting full control.


CVSS Score: 6.3 / 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Probability: 0.10% (Top 100% most exploited)
2,500 via Shodan

Affected Systems

Signal K Server (Node.js)

Affected Versions Detail

Product                      Affected Versions   Fixed Version
Signal K Server (Signal K)   < 2.19.0            2.19.0

Attribute           Detail
CVE ID              CVE-2025-69203
CVSS                6.3 (Medium)
Attack Vector       Network (AV:N)
User Interaction    Required (UI:R)
Impact              Privilege Escalation / Admin Access
Key Weakness        CWE-290 (IP Spoofing) & CWE-451 (UI Misrepresentation)

CWE-290: Authentication Bypass by Spoofing

Vulnerability Timeline

2025-01-10  Vulnerability Discovered
2025-01-15  Patch Developed (v2.19.0)
2025-01-18  Public Disclosure
