CVE-2025-65856
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk50th percentile - higher than 50% of all known CVEs
Summary
An authentication bypass vulnerability in Xiongmai XM530 IP cameras running Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access.
Risk Assessment
The organization is at risk of leaking confidential video data and device information, potentially leading to privacy breaches, industrial espionage, or further attacks leveraging the cameras.
Recommendation
Immediately update the Xiongmai XM530 camera firmware to the latest version; if no patch is available, temporarily restrict camera access via firewall or VPN.
Original NVD description (English source)
Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access.

