CVE-2025-11757
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-11757, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-21

Last updated on: 2025-10-21

Assigner: ICS-CERT

Description

The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to leverage the MQTT wildcard to receive all the messages that should be delivered to other users by subscribing to the a MQTT topic. In these messages, the attacker can obtain the credentials and key information to connect to the cameras from peer to peer.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-21
Last Modified
2025-10-21
Generated
2026-07-06
AI Q&A
2025-10-21
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
meari_technologies cloudedge_app 4.4.2
meari_technologies cloudedge_cloud *
meari_technologies cloudedge_online_cameras *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-155 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as wildcards or matching symbols when they are sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists because the CloudEdge Cloud does not sanitize the MQTT topic input. An attacker can exploit this by using the MQTT wildcard to subscribe to all messages intended for other users. Through this, the attacker can intercept messages containing credentials and key information needed to connect to cameras from peer to peer.

Impact Analysis

The impact of this vulnerability is that an attacker can gain unauthorized access to sensitive information such as credentials and keys for connecting to cameras. This could lead to unauthorized surveillance, privacy breaches, and potential control over the affected cameras.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11757. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart