Unauthenticated attackers with access to the MAVLink interface can gain full interactive shell access to PX4-powered vehicles, potentially leading to complete loss of physical and digital control.

MAVLink 2.0 does not require cryptographic authentication by default. An unauthenticated party can inject MAVLink messages, including the SERIAL_CONTROL message, which provides a direct interactive shell. This allows for unauthorized control of the vehicle's onboard computer.

The impact is extreme, involving the potential for physical destruction of the vehicle, theft of the asset, or use of the vehicle for malicious purposes. In a commercial or defense context, this represents a total failure of mission security and safety. The CVSS score of 9.8 reflects the critical risk to both data and physical safety.

Immediate Action: Enable MAVLink 2.0 message signing immediately on all PX4 systems to enforce cryptographic authentication for all communications.

Proactive Monitoring: Monitor MAVLink traffic for unexpected SERIAL_CONTROL messages or unauthorized heartbeat signals from unknown system IDs.

Compensating Controls: Secure the communication channel (e.g., radio link or network) using external encryption (VPN or encrypted telemetry) to prevent unauthorized access to the MAVLink interface.

Public Exploit Available: No

Cryptographic signing is not optional for safe vehicle operation. Administrators and operators must ensure that MAVLink 2.0 signing is properly configured with secure keys. Failure to do so leaves the vehicle open to hijacking by anyone capable of transmitting on the same frequency or network.