← back
CVE-2025-65857

CVE-2025-65857

CVSS 7.5 HIGHEPSS 0.4%CWE-359
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
22 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://hangzhou.comhttp://ip.comhttps://luismirandaacebedo.github.io/CVE-2025-65857/https://www.xiongmaitech.com/en/index.php/service/notice_info/51/4