CVE-2025-35452
Last modified
CVE-2025-35452 is a critical-severity vulnerability rated 9.2/10 on the CVSS scale. PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.. EPSS estimates a 0.79% chance of exploitation in the next 30 days.
Description
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ptzoptics | Pt12x-Sdi-Xx-G2 Firmware | All versions |
| Ptzoptics | Pt12x-Ndi-Xx Firmware | All versions |
| Ptzoptics | Pt12x-Usb-Xx-G2 Firmware | All versions |
| Ptzoptics | Pt20x-Sdi-Xx-G2 Firmware | All versions |
| Ptzoptics | T20x-Ndi-Xx Firmware | All versions |
| Ptzoptics | Pt20x-Usb-Xx-G2 Firmware | All versions |
| Ptzoptics | Pt30x-Sdi-Xx-G2 Firmware | All versions |
| Ptzoptics | Pt30x-Ndi-Xx Firmware | All versions |
| Ptzoptics | Pt12x-Zcam Firmware | All versions |
| Ptzoptics | Pt20x-Zcam Firmware | All versions |
| Ptzoptics | Ptvl-Zcam Firmware | All versions |
| Ptzoptics | Pteptz-Zcam-G2 Firmware | All versions |
| Ptzoptics | Pteptz-Ndi-Zcam-G2 | All versions |
| Ptzoptics | Pt12x-4k-Xx-G3 Firmware | <= 0.0.58 |
| Ptzoptics | Pt20x-4k-Xx-G3 Firmware | <= 0.0.85 |
| Ptzoptics | Pt30x-4k-Xx-G3 Firmware | <= 2.0.64 |
| Ptzoptics | Pt12x-Link-4k-Xx Firmware | <= 0.0.63 |
| Ptzoptics | Pt20x-Link-4k-Xx Firmware | <= 0.0.89 |
| Ptzoptics | Pt30x-Link-4k-Xx Firmware | <= 2.0.71 |
| Ptzoptics | Pt12x-Se-Xx-G3 Firmware | <= 9.1.43 |
| Ptzoptics | Pt20x-Se-Xx-G3 Firmware | <= 9.1.32 |
| Ptzoptics | Pt30x-Se-Xx-G3 Firmware | <= 9.1.33 |
| Ptzoptics | Pt-Studiopro Firmware | <= 9.0.41 |
| Ptzoptics | Vl Fixed Camera Firmware | <= 7.2.94 |
| Ptzoptics | Ndi Fixed Camera Firmware | <= 7.2.94 |
| Multicam-Systems | Mcamii Ptz Firmware | All versions |
| Smtav | Ba30s Firmware | All versions |
| Smtav | Ba20s Firmware | All versions |
| Smtav | Bv20s Firmware | All versions |
| Smtav | Bx30s Firmware | All versions |
| Smtav | Bx20n Firmware | All versions |
| Smtav | Bx20uhd-N Firmware | All versions |
| Smtav | Bx20uhd Firmware | All versions |
| Smtav | Ba30-N Firmware | All versions |
| Smtav | Ba20-N Firmware | All versions |
| Smtav | Ba12-N Firmware | All versions |
| Smtav | Hd17h-N Firmware | All versions |
| Smtav | Bx20s-Sh Firmware | All versions |
| Smtav | Hd17h Firmware | All versions |
| Smtav | Bv30s Firmware | All versions |
| Smtav | Ba12s Firmware | All versions |
| Valuehd | Vx90 Firmware | All versions |
| Valuehd | Vx720l Firmware | All versions |
| Valuehd | Vx752ag Firmware | All versions |
| Valuehd | Vx752a Firmware | All versions |
| Valuehd | Vx751ba Firmware | All versions |
| Valuehd | Vx630al Firmware | All versions |
| Valuehd | Vx61asl Firmware | All versions |
| Valuehd | Vx61basl Firmware | All versions |
| Valuehd | Vx60asl Firmware | All versions |
Showing 50 of 61 affected configurations. See NVD for the full list.
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10Third Party Advisory, US Government Resource
- https://www.cve.org/CVERecord?id=CVE-2025-35452Third Party Advisory
- https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-35452?
How severe is CVE-2025-35452?
How do I fix CVE-2025-35452?
Are you affected by CVE-2025-35452?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST