CVE-2025-36513
BaseFortify
Publication date: 2025-06-06
Last updated on: 2025-06-06
Assigner: JPCERT/CC
Description
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-36513 is a cross-site request forgery (CSRF) vulnerability affecting multiple surveillance cameras by i-PRO Co., Ltd. If a user who is logged into the affected camera views a specially crafted web page, an attacker can cause unintended operations to be performed on the camera without the user's consent. [1, 2]
How can this vulnerability impact me?
This vulnerability can allow an attacker to perform unauthorized actions on your surveillance cameras remotely by tricking a logged-in user into visiting a malicious web page. This could lead to unintended changes or operations on the device, potentially compromising its intended function or security. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Update the affected i-PRO surveillance camera firmware to the fixed versions: 2.80 for WV-X Series, 2.85 for WV-S Series, and 3.45 for WV-U Series. This will address the CSRF vulnerability and prevent unauthorized operations. [1, 2]