CVE Catalog

CVE-2025-65856

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.73%

50th percentile - higher than 50% of all known CVEs

Summary

An authentication bypass vulnerability in Xiongmai XM530 IP cameras running Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access.

Risk Assessment

The organization is at risk of leaking confidential video data and device information, potentially leading to privacy breaches, industrial espionage, or further attacks leveraging the cameras.

Recommendation

Immediately update the Xiongmai XM530 camera firmware to the latest version; if no patch is available, temporarily restrict camera access via firewall or VPN.

Original NVD description (English source)

Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS