Jan 2, 2026
Signal K Server < 2.19.0 contains a 'Social Engineering Helper Kit' vulnerability. Because the server blindly trusts `X-Forwarded-For` headers and the Admin UI hides the actual permission level being requested, an attacker can masquerade as a local, harmless device (such as a depth sensor) while requesting, and receiving, full Admin access from an unsuspecting captain.
A sophisticated social engineering vulnerability in Signal K Server allowing attackers to spoof trusted IPs, mask administrative permission requests behind benign descriptions, and leverage information leaks to trick administrators into granting full control.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

| Product | Affected Versions | Fixed Version |
|---|---|---|
| Signal K Server | < 2.19.0 | 2.19.0 |

| Attribute | Detail |
|---|---|
| CVE ID | CVE-2025-69203 |
| CVSS | 6.3 (Medium) |
| Attack Vector | Network (AV:N) |
| User Interaction | Required (UI:R) |
| Impact | Privilege Escalation / Admin Access |
| Key Weakness | CWE-290 (IP Spoofing) & CWE-451 (UI Misrepresentation) |
Authentication Bypass by Spoofing