CVE-2025-12351
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-12351, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-27

Last updated on: 2025-10-30

Assigner: Honeywell International Inc.

Description

Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of this product, service or offering (S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye & Dual Sensor/Micro Dome/Full Color Eyeball & Bullet Camera to version 2025.08.22, S35 Thermal Camera to version 2025.08.26).

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-27
Last Modified
2025-10-30
Generated
2026-07-06
AI Q&A
2025-10-27
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
honeywell s35_series_cameras *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-668 The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an authorization bypass in Honeywell S35 Series Cameras through the User controller key. It allows an attacker to potentially escalate their privileges to gain admin-level access to the camera's functionalities.

Impact Analysis

The vulnerability can impact you by allowing an attacker to gain unauthorized admin privileges on the affected Honeywell S35 Series Cameras, potentially leading to unauthorized control and access to sensitive camera functions.

Mitigation Strategies

To mitigate this vulnerability, Honeywell recommends updating the affected S35 Series Cameras to the most recent versions: S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye & Dual Sensor/Micro Dome/Full Color Eyeball & Bullet Camera to version 2025.08.22, and S35 Thermal Camera to version 2025.08.26.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12351. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart