CVE-2025-12351
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-27

Last updated on: 2025-10-30

Assigner: Honeywell International Inc.

Description
Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of this product, service or offering (S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye & Dual Sensor/Micro Dome/Full Color Eyeball & Bullet Camera to version 2025.08.22, S35 Thermal Camera to version 2025.08.26).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-27
Last Modified
2025-10-30
Generated
2026-06-16
AI Q&A
2025-10-27
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12351
EUVD
EUVD-2025-36196
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
honeywell s35_series_cameras *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-668 The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an authorization bypass in Honeywell S35 Series Cameras through the User controller key. It allows an attacker to potentially escalate their privileges to gain admin-level access to the camera's functionalities.

Impact Analysis

The vulnerability can impact you by allowing an attacker to gain unauthorized admin privileges on the affected Honeywell S35 Series Cameras, potentially leading to unauthorized control and access to sensitive camera functions.

Mitigation Strategies

To mitigate this vulnerability, Honeywell recommends updating the affected S35 Series Cameras to the most recent versions: S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye & Dual Sensor/Micro Dome/Full Color Eyeball & Bullet Camera to version 2025.08.22, and S35 Thermal Camera to version 2025.08.26.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12351. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart