
Critical Vulnerabilities in Space Mission Systems

📰 1 unique source, 1 article

Summary


Researchers from Vision Space Technologies identified approximately 30 vulnerabilities in software used across multiple space missions, including both ground infrastructure and spacecraft frameworks. These vulnerabilities could allow attackers to send arbitrary commands to spacecraft, take over control centers, or achieve remote code execution on board. The potential impact includes changing trajectories, altering orbits, compromising telemetry, or damaging satellite platforms. The vulnerabilities were found in open-source software, particularly NASA's popular vehicle flight system. The researchers followed a responsible disclosure process, working with vendors to patch the vulnerabilities. The growing number of satellites and increased connectivity in space systems expand the attack surface, making these vulnerabilities a significant concern for cybersecurity in space missions.

Timeline

  1. 20.08.2025 21:16 📰 1 article

    Vulnerabilities in Space Mission Systems Disclosed

    Researchers from Vision Space Technologies identified approximately 30 vulnerabilities in software used across multiple space missions. These vulnerabilities could allow attackers to send arbitrary commands to spacecraft, take over control centers, or achieve remote code execution. The potential impact includes changing trajectories, altering orbits, compromising telemetry, or damaging satellite platforms. The vulnerabilities were found in open-source software, particularly NASA's vehicle flight system. The researchers followed a responsible disclosure process, working with vendors to patch the vulnerabilities.


Information Snippets

  • Approximately 30 vulnerabilities were discovered in software used across multiple space missions.

    First reported: 20.08.2025 21:16
    📰 1 source, 1 article
  • Vulnerabilities could allow attackers to send arbitrary commands to spacecraft, take over control centers, or achieve remote code execution.

    First reported: 20.08.2025 21:16
    📰 1 source, 1 article
  • Potential impacts include changing spacecraft trajectories, altering orbits, compromising telemetry, or damaging satellite platforms.

    First reported: 20.08.2025 21:16
    📰 1 source, 1 article
  • The vulnerabilities were found in open-source software, particularly NASA's vehicle flight system.

    First reported: 20.08.2025 21:16
    📰 1 source, 1 article
  • Researchers followed a responsible disclosure process, working with vendors to patch the vulnerabilities.

    First reported: 20.08.2025 21:16
    📰 1 source, 1 article
  • The growing number of satellites and increased connectivity in space systems expand the attack surface.

    First reported: 20.08.2025 21:16
    📰 1 source, 1 article
  • Most of the vulnerabilities have been addressed and patched by the vendors.

    First reported: 20.08.2025 21:16
    📰 1 source, 1 article
  • The attack surface in space systems is expanding due to the launch of mega constellations and increased use of cloud services.

    First reported: 20.08.2025 21:16
    📰 1 source, 1 article

Similar Happenings

Critical SAP NetWeaver Command Execution Vulnerabilities Patched

SAP has patched three critical vulnerabilities in NetWeaver, its middleware for business applications. The most severe flaw, CVE-2025-42944, allows unauthenticated attackers to execute arbitrary OS commands via insecure deserialization. Two other critical issues, CVE-2025-42922 and CVE-2025-42958, enable authenticated users to upload arbitrary files and unauthorized users to access administrative functions. These vulnerabilities affect SAP's ERP, CRM, SRM, and SCM applications, widely used in large enterprise networks. The patches come amid ongoing exploitation of another critical SAP vulnerability, CVE-2025-42957, which affects S/4HANA, Business One, and NetWeaver products. SAP released 21 new and four updated security notes on its September 2025 patch day, including updates for NetWeaver AS ABAP and other SAP products. SAP has also released a patch for a high-severity missing input validation bug in SAP S/4HANA (CVE-2025-42916, CVSS score: 8.1).

Active exploitation of SAP S/4HANA command injection vulnerability CVE-2025-42957

A critical command injection vulnerability in SAP S/4HANA, tracked as CVE-2025-42957, is being actively exploited in the wild. The flaw allows attackers with low-privileged user access to execute arbitrary ABAP code, potentially leading to full system compromise. The vulnerability affects both on-premise and private cloud editions of SAP S/4HANA. The exploit can result in unauthorized modification of the SAP database, creation of superuser accounts, and theft of password hashes. Organizations are advised to apply patches immediately and monitor for suspicious activity. The vulnerability was fixed by the vendor on August 11, 2025, but several systems have not applied the available security updates, and these are now being targeted by hackers who have weaponized the bug. SecurityBridge discovered the vulnerability and reported it to SAP on June 27, 2025, and even assisted in the development of a patch. SecurityBridge and Pathlock have confirmed active exploitation of the vulnerability. The patch for CVE-2025-42957 is relatively easy to reverse engineer, and successful exploitation gives attackers access to the operating system and all data in the targeted SAP system. Organizations are urged to implement additional security measures, such as SAP's Unified Connectivity framework (UCON), to restrict RFC usage and monitor logs for suspicious activity.

Active exploitation of TP-Link TL-WA855RE Wi-Fi range extender vulnerability

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a missing authentication vulnerability in TP-Link TL-WA855RE Wi-Fi range extender products. The flaw, tracked as CVE-2020-24363, allows attackers on the same network to send unauthenticated requests for a factory reset and reboot, potentially gaining administrative access. The vulnerability was disclosed in August 2020 and has been resolved by TP-Link in firmware updates. However, the product is now discontinued, and users are advised to discontinue its use. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to address it by September 23, 2025. On September 4, 2025, CISA added two additional TP-Link router vulnerabilities, CVE-2023-50224 and CVE-2025-9377, to its KEV catalog, noting evidence of active exploitation. These vulnerabilities affect multiple TP-Link router models, some of which have reached end-of-life status. TP-Link released firmware updates in November 2024 to address these issues, but recommends upgrading to newer hardware for enhanced protection.

Exploit chain in Sitecore Experience Platform enables remote code execution

Three new vulnerabilities in the Sitecore Experience Platform can be chained to achieve remote code execution (RCE). The flaws include HTML cache poisoning, RCE through insecure deserialization, and information disclosure via the ItemService API. Patches for these vulnerabilities were released in June and July 2025. The exploit chain leverages a combination of pre-authentication and post-authentication vulnerabilities to compromise fully-patched instances of the platform. Additionally, a zero-day vulnerability (CVE-2025-53690) has been exploited by threat actors to deliver malware, including WeepSteel, and perform extensive reconnaissance and lateral movement. The flaw is a ViewState deserialization vulnerability caused by the inclusion of a sample ASP.NET machine key in pre-2025 Sitecore guides. The attackers target the '/sitecore/blocked.aspx' endpoint, which contains an unauthenticated ViewState field, and achieve RCE under the IIS NETWORK SERVICE account by leveraging CVE-2025-53690. The malicious payload dropped by the attackers is WeepSteel, a reconnaissance backdoor that gathers system, process, disk, and network information. The attack observed by Mandiant stemmed from a documentation issue involving sample machine keys provided for customer use. Sitecore advised customers to rotate and secure ASP.NET machine keys, encrypt elements in web.config files, and restrict access to administrators only. CISA has ordered FCEB agencies to update their Sitecore instances by September 25, 2025.

Citrix NetScaler ADC and Gateway vulnerabilities actively exploited

Citrix has released patches for three vulnerabilities in NetScaler ADC and NetScaler Gateway. One of these vulnerabilities, CVE-2025-7775, is a zero-day flaw actively exploited in the wild. The flaws affect various configurations and can lead to remote code execution, denial-of-service, or improper access control. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-7775 to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to remediate the flaw within 48 hours. The vulnerabilities were discovered by security researchers Jimi Sebree, Jonathan Hetzer, and François Hämmerli. Nearly 20% of NetScaler assets identified are on unsupported, end-of-life versions, primarily in North America and the APAC region.