CVE-2025-68620 | SignalK Server up to 2.18.x REST Endpoint requests startServerEvents authentication bypass (GHSA-fq56-hvg6-wvm5)

Inserito da Angelo Barbosa | Gen 1, 2026 | CVE

A vulnerability categorized as critical has been discovered in SignalK Server up to 2.18.x. The impacted element is the function startServerEvents of the file /signalk/v1/access/requests/ of the component REST Endpoint. Such manipulation leads to authentication bypass using alternate channel.

This vulnerability is listed as CVE-2025-68620. The attack may be performed from remote. There is no available exploit.

It is advisable to upgrade the affected component.

CVE-2025-68620 | SignalK Server up to 2.18.x REST Endpoint requests startServerEvents authentication bypass (GHSA-fq56-hvg6-wvm5)

Post correlati

CVE-2024-48896 | Moodle information exposure

CVE-2025-50054 | OpenVPN ovpn-dco-win up to 1.3.0/2.5.8 Kernel Driver heap-based overflow

CVE-2023-30476 | Sparkle Themes Blogger Buzz Plugin up to 1.2.2 on WordPress authorization

CVE-2024-12204 | Coupon X Plugin up to 1.3.5 on WordPress authorization