Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

MiR Robots

Source -

CNA

CNA CVEs -

5

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
5Vulnerabilities found
CVE-2025-9229
Assigner-1b7e193f-2525-49a1-b171-84af8827c9eb
ShareView Details
Assigner-1b7e193f-2525-49a1-b171-84af8827c9eb
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.09%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:36
Updated-20 Aug, 2025 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Disclosure in MiR robots and MiR fleet through verbose error pages

Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages.

Action-Not Available
Vendor-Mobile Industrial Robots
Product-MiR FleetMiR Robots
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2025-9228
Assigner-1b7e193f-2525-49a1-b171-84af8827c9eb
ShareView Details
Assigner-1b7e193f-2525-49a1-b171-84af8827c9eb
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 5.51%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:24
Updated-20 Aug, 2025 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient authorization when creating notes

MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes, allowing low-privilege users to create notes which are intended only for administrative users.

Action-Not Available
Vendor-Mobile Industrial Robots
Product-MiR FleetMiR Robots
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-9225
Assigner-1b7e193f-2525-49a1-b171-84af8827c9eb
ShareView Details
Assigner-1b7e193f-2525-49a1-b171-84af8827c9eb
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 9.91%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 07:26
Updated-20 Aug, 2025 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site scripting (XSS) in MiR robots and MiR fleet

Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser

Action-Not Available
Vendor-Mobile Industrial Robots
Product-MiR FleetMiR Robots
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-8749
Assigner-1b7e193f-2525-49a1-b171-84af8827c9eb
ShareView Details
Assigner-1b7e193f-2525-49a1-b171-84af8827c9eb
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.03%
||
7 Day CHG~0.00%
Published-08 Aug, 2025 | 11:46
Updated-08 Aug, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path traversal vulnerability in MiR robot software via API requests

Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots (MiR) Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system via a crafted API request.

Action-Not Available
Vendor-Mobile Industrial Robots
Product-MiR Robots
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-8748
Assigner-1b7e193f-2525-49a1-b171-84af8827c9eb
ShareView Details
Assigner-1b7e193f-2525-49a1-b171-84af8827c9eb
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.51%
||
7 Day CHG~0.00%
Published-08 Aug, 2025 | 11:09
Updated-08 Aug, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS command injection in MiR robots and MiR fleet via crafted HTTP requests

MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A malicious HTTP request crafted by an authenticated user could allow the execution of arbitrary commands on the underlying operating system.

Action-Not Available
Vendor-Mobile Industrial Robots
Product-MiR RobotsMiR Fleet
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')