CVE-2025-12351
BaseFortify
Publication date: 2025-10-27
Last updated on: 2025-10-30
Assigner: Honeywell International Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| honeywell | s35_series_cameras | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-668 | The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. |
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authorization bypass through a user-controlled key (CWE-639) in Honeywell S35 Series Cameras. It allows an attacker to potentially escalate their privileges to gain admin-level access to the camera's functionalities.
How can this vulnerability impact me?
An attacker can gain unauthorized admin privileges on the affected Honeywell S35 Series Cameras, potentially leading to unauthorized control of, and access to, sensitive camera functions.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, Honeywell recommends updating the affected S35 Series Cameras to the most recent versions: S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye & Dual Sensor/Micro Dome/Full Color Eyeball & Bullet Camera to version 2025.08.22, and S35 Thermal Camera to version 2025.08.26.