CVE-2025-12351

Name: CVE-2025-12351
Creator: NVD / NIST
Published: 2025-10-27T15:15:37.653+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.8/10EPSS 0.21%

Last modified Jun 17, 2026

CVE-2025-12351 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . EPSS estimates a 0.21% chance of exploitation in the next 30 days.

Description

Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of this product, service or offering (S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye & Dual Sensor/Micro Dome/Full Color Eyeball & Bullet Camera to version 2025.08.22, S35 Thermal Camera to version 2025.08.26).

Metrics

CVSS 3.1

6.8/10

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Probability

0.21%

11.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

References

https://www.honeywell.com/us/en/product-security

Timeline

Published: Oct 27, 2025
Last Modified: Jun 17, 2026
Status: Deferred

Frequently Asked Questions

What is CVE-2025-12351?

How severe is CVE-2025-12351?

CVE-2025-12351 has a CVSS score of 6.8/10 (MEDIUM severity). The EPSS model estimates a 0.21% probability of exploitation in the next 30 days.

How do I fix CVE-2025-12351?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-12351?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST