CVE-2025-47418 Information

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse.

There is no visible indication when the system is recording and recording can be enabled remotely via a network API. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.

Reference

https://security.crestron.com/ https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8