CVE-2025-65856
Last modified
CVE-2025-65856 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access.. EPSS estimates a 0.85% chance of exploitation in the next 30 days.
Description
Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Xiongmaitech | Xm530v200 X6-Weq 8m Firmware | 5.00.r02.000807d8.10010.346624.s.onvif_21.06 |
References
- http://hangzhou.comNot Applicable
- http://ip.comNot Applicable
- https://luismirandaacebedo.github.io/CVE-2025-65856/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-65856?
How severe is CVE-2025-65856?
How do I fix CVE-2025-65856?
Are you affected by CVE-2025-65856?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST