CVE-2025-12636

Ubia Ubox

CVSS 7.1 HIGHEPSS 0.2%CWE-522

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

06 Nov 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Ubia · Ubox Android Ubia · Ubox IOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-02.json https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-02