Is openc3 affected by CVE-2025-68271?

RubyGems openc3 is affected in >=5.0.6 <6.10.2.

Is CVE-2025-68271 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.5%.

critical

CVE-2025-68271

Q: Is CVE-2025-68271 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.5%.

RubyGems · openc3

Summary

openc3-api Vulnerable to Unauthenticated Remote Code Execution

Severity: critical
EPSS: 0.5% (p41)
Also known as: GHSA-w757-4qv9-mghp
Published: 2026-01-13

References

https://github.com/OpenC3/cosmos/security/advisories/GHSA-w757-4qv9-mghp
https://nvd.nist.gov/vuln/detail/CVE-2025-68271
https://github.com/OpenC3/cosmos/commit/01e9fbc5e66e9a2500b71a75a44775dd1fc2d1de

Related advisories

GHSA-2wvh-87g2-89hr — critical · RubyGems/openc3
CVE-2026-42087 — critical · RubyGems/openc3
CVE-2025-28389 — critical · PyPI/openc3
CVE-2025-28386 — critical · PyPI/openc3
CVE-2026-42084 — high · RubyGems/openc3
CVE-2024-46977 — high · RubyGems/openc3
CVE-2026-42086 — medium · PyPI/openc3
CVE-2026-42085 — medium · RubyGems/openc3

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.