CVE-2025-11757
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-10-21
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| meari_technologies | cloudedge_app | 4.4.2 |
| meari_technologies | cloudedge_cloud | * |
| meari_technologies | cloudedge_online_cameras | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-155 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as wildcards or matching symbols when they are sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists because the CloudEdge Cloud does not sanitize the MQTT topic input. An attacker can exploit this by using the MQTT wildcard to subscribe to all messages intended for other users. Through this, the attacker can intercept messages containing credentials and key information needed to connect to cameras from peer to peer.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker can gain unauthorized access to sensitive information such as credentials and keys for connecting to cameras. This could lead to unauthorized surveillance, privacy breaches, and potential control over the affected cameras.