At Metis, the security of our maritime digital infrastructure and the integrity of our customers’ data are our highest priorities.

As part of our commitment to continuous security monitoring, we recently resolved potential vulnerabilities identified by Cydome Research. The vulnerabilities were found in a deprecated service within a limited set of our METIS WIC and METIS DFS devices operating on older software versions. Devices operating on current versions were not affected.

Upon being notified of these findings, our engineering team immediately initiated a thorough review. We confirmed that the identified issues and were linked to a legacy service that was already slated for deprecation. A dedicated update was rapidly developed to completely remove the vulnerable deprecated service. As of January 22, 2026, this patch has been successfully deployed across the entire active installed base, ensuring that all operating devices are fully protected. The update required no user interaction and was carried out through our standard remote update process. Furthermore, there is no evidence of exploitation in the maritime environment.

It must be noted that exploiting those vulnerabilities would require the attacker to have already gained access to the vessel’s internal IT network through an alternative path. Moreover, the vulnerabilities do not inherently provide automatic compromise of broader ship systems. Standard practices such as network segmentation and security controls further reduce potential exposure.

“We want to thank the Cydome team for their professional approach and for identifying these vulnerabilities through a responsible disclosure process” said Andreas Symeonidis VP of Operations at Metis. “The issues were limited to a narrow set of devices running earlier software versions. While the affected service was already deprecated as part of our ongoing product evolution, Cydome’s collaboration enabled us to accelerate validation and complete the global rollout of updates. Their findings helped us ensure our customers’ devices and data remain secure.” 

See joined responsible disclosure publication

A culture of Cyber Resilience

This rapid successful resolution is a testament to our stance on cybersecurity. Rather than viewing security as a static goal, we treat it as an evolving part of our solution roadmap. Our “Security-First” approach includes:

• Industry Collaboration: We actively collaborate and engage in responsible disclosure programs with specialized firms like Cydome to stay ahead of emerging threats.
  
• Rigorous Testing: Beyond individual device security, we conduct comprehensive annual penetration tests with leading specialized agencies to ensure our whole infrastructure remains impenetrable.
  
• Certified Excellence: Our hardware is not just built for performance; it has received Type Approval by Bureau Veritas for cybersecurity, meeting the highest international maritime standards.