CVE-2025-65857

Exploit

EPSS 0.06%
Veröffentlicht 22.12.2025 00:00:00
Zuletzt bearbeitet 05.01.2026 18:20:45
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xiongmaitech ≫ Xm530v200 X6-weq 8m Firmware Version5.00.r02.000807d8.10010.346624.s.onvif_21.06

Xiongmaitech ≫ Xm530v200 X6-weq 8m Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.184

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

http://ip.com

Not Applicable

http://hangzhou.com

Permissions Required

https://luismirandaacebedo.github.io/CVE-2025-65857/

Third Party Advisory

Exploit

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2025-65857

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-65857

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-65857

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-65857