Overview
CVE-2025-64770 is a medium-severity vulnerability affecting certain products that utilize the Open Network Video Interface Forum (ONVIF) standard. This vulnerability allows unauthenticated access to ONVIF services. Successful exploitation could grant an attacker unauthorized access to sensitive camera configuration information, potentially leading to further malicious activities.
This vulnerability was published on 2025-11-20T21:16:06.753. Organizations using affected products are strongly encouraged to review their configurations and apply the recommended mitigations as soon as possible.
Technical Details
The root cause of CVE-2025-64770 lies in the lack of proper authentication checks for certain ONVIF services. An attacker on the same network (or with network access to the vulnerable device) can potentially send specially crafted requests directly to these services without needing to provide any credentials. This allows them to bypass intended access controls and retrieve or modify camera settings. The specific affected services and how they are exploited will depend on the implementation of the ONVIF standard in the vulnerable product.
CVSS Analysis
The Common Vulnerability Scoring System (CVSS) score for CVE-2025-64770 is 6.8 (MEDIUM). This score reflects the potential impact and exploitability of the vulnerability.
- CVSS Score: 6.8
- Vector: (This would be specified in the NVD data, calculate based on the advisory)
A CVSS score of 6.8 indicates that the vulnerability is moderately complex to exploit and could lead to partial compromise of the affected system. The absence of authentication requirements significantly increases the exploitability of this vulnerability.
Possible Impact
Successful exploitation of CVE-2025-64770 can have significant consequences, including:
- Unauthorized Access to Camera Feeds: Attackers could gain access to live video and recorded footage.
- Configuration Manipulation: Camera settings such as pan, tilt, zoom (PTZ), recording schedules, and network configurations could be altered.
- Denial of Service (DoS): Attackers might be able to disrupt camera functionality or cause a denial of service.
- Pivot Point for Further Attacks: Compromised cameras could be used as a stepping stone to access other devices on the network.
- Privacy Violation: Sensitive data captured by the cameras could be exposed or stolen.
Mitigation or Patch Steps
To mitigate the risks associated with CVE-2025-64770, the following steps are recommended:
- Apply Patches: Check with the camera vendor (e.g., iCAM365 if applicable based on the advisory) for available security patches and updates and apply them immediately.
- Network Segmentation: Isolate security cameras on a separate network segment to limit the potential impact of a successful attack.
- Strong Passwords: Even though this is an unauthenticated vulnerability, ensure all other services running on the device (if any) are protected by strong, unique passwords.
- Disable Unnecessary Services: Disable any unnecessary or unused ONVIF services on the camera.
- Regular Security Audits: Conduct regular security audits of your network and devices to identify and address potential vulnerabilities.
- Monitor Network Traffic: Implement network monitoring to detect suspicious activity, such as unauthorized access attempts to ONVIF services.
- Firewall Rules: Implement firewall rules to restrict access to the ONVIF ports from untrusted networks.
References
CISA CSAF Advisory
iCAM365 Website
CISA ICS Advisory ICSA-25-324-02
