1. Home
  2. Vulnerabilities
  3. CVE-2025-35452
9.8
CRITICAL CVSS 3.1
CVE-2025-35452
Pan-Tilt-Zoom cameras default administrative credentials for web interface
Description

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.

INFO

Published Date :

Sept. 5, 2025, 6:15 p.m.

Last Modified :

Dec. 23, 2025, 5:08 p.m.

Remotely Exploit :

Yes !

Source :

9119a7d8-5eab-497f-8521-727c672e3725
Affected Products

The following products are affected by CVE-2025-35452 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Ptzoptics pt12x-sdi-xx-g2_firmware
2 Ptzoptics pt12x-sdi-xx-g2
3 Ptzoptics pt12x-ndi-xx_firmware
4 Ptzoptics pt12x-ndi-xx
5 Ptzoptics pt12x-usb-xx-g2_firmware
6 Ptzoptics pt12x-usb-xx-g2
7 Ptzoptics pt20x-sdi-xx-g2_firmware
8 Ptzoptics pt20x-sdi-xx-g2
9 Ptzoptics t20x-ndi-xx_firmware
10 Ptzoptics t20x-ndi-xx
11 Ptzoptics pt20x-usb-xx-g2_firmware
12 Ptzoptics pt20x-usb-xx-g2
13 Ptzoptics pt30x-sdi-xx-g2_firmware
14 Ptzoptics pt30x-sdi-xx-g2
15 Ptzoptics pt30x-ndi-xx_firmware
16 Ptzoptics pt30x-ndi-xx
17 Ptzoptics pt12x-zcam_firmware
18 Ptzoptics pt12x-zcam
19 Ptzoptics pt20x-zcam_firmware
20 Ptzoptics pt20x-zcam
21 Ptzoptics ptvl-zcam_firmware
22 Ptzoptics ptvl-zcam
23 Ptzoptics pteptz-zcam-g2_firmware
24 Ptzoptics pteptz-zcam-g2
25 Ptzoptics pteptz-ndi-zcam-g2
26 Ptzoptics pteptz-ndi-zcam-g2
27 Ptzoptics pt12x-4k-xx-g3_firmware
28 Ptzoptics pt12x-4k-xx-g3
29 Ptzoptics pt20x-4k-xx-g3_firmware
30 Ptzoptics pt20x-4k-xx-g3
31 Ptzoptics pt30x-4k-xx-g3_firmware
32 Ptzoptics pt30x-4k-xx-g3
33 Ptzoptics pt12x-link-4k-xx_firmware
34 Ptzoptics pt12x-link-4k-xx
35 Ptzoptics pt20x-link-4k-xx_firmware
36 Ptzoptics pt20x-link-4k-xx
37 Ptzoptics pt30x-link-4k-xx_firmware
38 Ptzoptics pt30x-link-4k-xx
39 Ptzoptics pt12x-se-xx-g3_firmware
40 Ptzoptics pt12x-se-xx-g3
41 Ptzoptics pt20x-se-xx-g3_firmware
42 Ptzoptics pt20x-se-xx-g3
43 Ptzoptics pt30x-se-xx-g3_firmware
44 Ptzoptics pt30x-se-xx-g3
45 Ptzoptics pt-studiopro_firmware
46 Ptzoptics pt-studiopro
47 Ptzoptics vl_fixed_camera_firmware
48 Ptzoptics vl_fixed_camera
49 Ptzoptics ndi_fixed_camera_firmware
50 Ptzoptics ndi_fixed_camera
1 Valuehd vx90_firmware
2 Valuehd vx90
3 Valuehd vx720l_firmware
4 Valuehd vx720l
5 Valuehd vx752ag_firmware
6 Valuehd vx752ag
7 Valuehd vx752a_firmware
8 Valuehd vx752a
9 Valuehd vx751ba_firmware
10 Valuehd vx751ba
11 Valuehd vx630al_firmware
12 Valuehd vx630al
13 Valuehd vx61asl_firmware
14 Valuehd vx61asl
15 Valuehd vx61basl_firmware
16 Valuehd vx61basl
17 Valuehd vx60asl_firmware
18 Valuehd vx60asl
19 Valuehd vx61al_firmware
20 Valuehd vx61al
21 Valuehd vx60al_firmware
22 Valuehd vx60al
23 Valuehd vx701ra_firmware
24 Valuehd vx701ra
25 Valuehd vx701ta_firmware
26 Valuehd vx701ta
27 Valuehd vx800i2_firmware
28 Valuehd vx800i2
29 Valuehd v61w_firmware
30 Valuehd v61w
31 Valuehd v63xl_firmware
32 Valuehd v63xl
33 Valuehd v60xl_firmware
34 Valuehd v60xl
35 Valuehd vx70uvs_firmware
36 Valuehd vx70uvs
37 Valuehd vx71uvs_firmware
38 Valuehd vx71uvs
39 Valuehd v71uvs_firmware
40 Valuehd v71uvs
1 Smtav ba30s_firmware
2 Smtav ba30s
3 Smtav ba20s_firmware
4 Smtav ba20s
5 Smtav bv20s_firmware
6 Smtav bv20s
7 Smtav bx30s_firmware
8 Smtav bx30s
9 Smtav bx20n_firmware
10 Smtav bx20n
11 Smtav bx20uhd-n_firmware
12 Smtav bx20uhd-n
13 Smtav bx20uhd_firmware
14 Smtav bx20uhd
15 Smtav ba30-n_firmware
16 Smtav ba30-n
17 Smtav ba20-n_firmware
18 Smtav ba20-n
19 Smtav ba12-n_firmware
20 Smtav ba12-n
21 Smtav hd17h-n_firmware
22 Smtav hd17h-n
23 Smtav bx20s-sh_firmware
24 Smtav bx20s-sh
25 Smtav hd17h_firmware
26 Smtav hd17h
27 Smtav bv30s_firmware
28 Smtav bv30s
29 Smtav ba12s_firmware
30 Smtav ba12s
1 Multicam-systems mcamii_ptz_firmware
2 Multicam-systems mcamii_ptz
: Total Affected Vendor : 4 | Products : 122
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL 9119a7d8-5eab-497f-8521-727c672e3725
CVSS 4.0 CRITICAL 9119a7d8-5eab-497f-8521-727c672e3725
Solution
Change default administrative web interface credentials to unique, strong passwords.
  • Access the camera's web interface.
  • Locate and change the default administrator password.
  • Implement unique passwords for each camera.
  • Ensure all passwords are strong.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-35452.

URL Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.json Patch
https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10 Third Party Advisory US Government Resource
https://www.cve.org/CVERecord?id=CVE-2025-35452 Third Party Advisory
https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai Third Party Advisory
https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/ Exploit Third Party Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-35452 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-35452 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-35452 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-35452 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Dec. 23, 2025

    Action Type Old Value New Value
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt12x-sdi-xx-g2_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:ptzoptics:pt12x-sdi-xx-g2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt12x-ndi-xx_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:ptzoptics:pt12x-ndi-xx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt12x-usb-xx-g2_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:ptzoptics:pt12x-usb-xx-g2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt20x-sdi-xx-g2_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:ptzoptics:pt20x-sdi-xx-g2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:t20x-ndi-xx_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:ptzoptics:t20x-ndi-xx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt20x-usb-xx-g2_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:ptzoptics:pt20x-usb-xx-g2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt30x-sdi-xx-g2_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:ptzoptics:pt30x-sdi-xx-g2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt30x-ndi-xx_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:ptzoptics:pt30x-ndi-xx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt12x-zcam_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:ptzoptics:pt12x-zcam:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt20x-zcam_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:ptzoptics:pt20x-zcam:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:ptvl-zcam_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:ptzoptics:ptvl-zcam:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pteptz-zcam-g2_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:ptzoptics:pteptz-zcam-g2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pteptz-ndi-zcam-g2:-:*:*:*:*:*:*:* OR cpe:2.3:h:ptzoptics:pteptz-ndi-zcam-g2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt12x-4k-xx-g3_firmware:*:*:*:*:*:*:*:* versions up to (including) 0.0.58 OR cpe:2.3:h:ptzoptics:pt12x-4k-xx-g3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt20x-4k-xx-g3_firmware:*:*:*:*:*:*:*:* versions up to (including) 0.0.85 OR cpe:2.3:h:ptzoptics:pt20x-4k-xx-g3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt30x-4k-xx-g3_firmware:*:*:*:*:*:*:*:* versions up to (including) 2.0.64 OR cpe:2.3:h:ptzoptics:pt30x-4k-xx-g3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt12x-link-4k-xx_firmware:*:*:*:*:*:*:*:* versions up to (including) 0.0.63 OR cpe:2.3:h:ptzoptics:pt12x-link-4k-xx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt20x-link-4k-xx_firmware:*:*:*:*:*:*:*:* versions up to (including) 0.0.89 OR cpe:2.3:h:ptzoptics:pt20x-link-4k-xx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt30x-link-4k-xx_firmware:*:*:*:*:*:*:*:* versions up to (including) 2.0.71 OR cpe:2.3:h:ptzoptics:pt30x-link-4k-xx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt12x-se-xx-g3_firmware:*:*:*:*:*:*:*:* versions up to (including) 9.1.43 OR cpe:2.3:h:ptzoptics:pt12x-se-xx-g3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt20x-se-xx-g3_firmware:*:*:*:*:*:*:*:* versions up to (including) 9.1.32 OR cpe:2.3:h:ptzoptics:pt20x-se-xx-g3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt30x-se-xx-g3_firmware:*:*:*:*:*:*:*:* versions up to (including) 9.1.33 OR cpe:2.3:h:ptzoptics:pt30x-se-xx-g3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt-studiopro_firmware:*:*:*:*:*:*:*:* versions up to (including) 9.0.41 OR cpe:2.3:h:ptzoptics:pt-studiopro:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:vl_fixed_camera_firmware:*:*:*:*:*:*:*:* versions up to (including) 7.2.94 OR cpe:2.3:h:ptzoptics:vl_fixed_camera:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:ndi_fixed_camera_firmware:*:*:*:*:*:*:*:* versions up to (including) 7.2.94 OR cpe:2.3:h:ptzoptics:ndi_fixed_camera:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:multicam-systems:mcamii_ptz_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:multicam-systems:mcamii_ptz:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:ba30s_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:ba30s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:ba20s_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:ba20s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:bv20s_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:bv20s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:bx30s_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:bx30s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:bx20n_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:bx20n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:bx20uhd-n_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:bx20uhd-n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:bx20uhd_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:bx20uhd:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:ba30-n_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:ba30-n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:ba20-n_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:ba20-n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:ba12-n_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:ba12-n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:hd17h-n_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:hd17h-n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:bx20s-sh_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:bx20s-sh:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:hd17h_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:hd17h:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:bv30s_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:bv30s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:ba12s_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:ba12s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx90_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx90:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx720l_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx720l:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx752ag_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx752ag:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx752a_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx752a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx751ba_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx751ba:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx630al_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx630al:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx61asl_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx61asl:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx61basl_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx61basl:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx60asl_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx60asl:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx61al_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx61al:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx60al_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx60al:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx701ra_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx701ra:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx701ta_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx701ta:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx800i2_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx800i2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:v61w_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:v61w:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:v63xl_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:v63xl:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:v60xl_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:v60xl:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx70uvs_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx70uvs:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx71uvs_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx71uvs:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:v71uvs_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:v71uvs:-:*:*:*:*:*:*:*
    Added Reference Type Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.json Types: Patch
    Added Reference Type Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government: https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10 Types: Third Party Advisory, US Government Resource
    Added Reference Type Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government: https://www.cve.org/CVERecord?id=CVE-2025-35452 Types: Third Party Advisory
    Added Reference Type Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government: https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai Types: Third Party Advisory
    Added Reference Type Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government: https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/ Types: Exploit, Third Party Advisory
  • CVE Modified by 9119a7d8-5eab-497f-8521-727c672e3725

    Sep. 05, 2025

    Action Type Old Value New Value
    Added Reference https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai
    Added Reference https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/
  • New CVE Received by 9119a7d8-5eab-497f-8521-727c672e3725

    Sep. 05, 2025

    Action Type Old Value New Value
    Added Description PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.
    Added CVSS V4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-798
    Added CWE CWE-1392
    Added Reference https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.json
    Added Reference https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10
    Added Reference https://www.cve.org/CVERecord?id=CVE-2025-35452
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 9.2
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Base CVSS Score: 9.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact