CVE-2025-52599
Inadequate Permission Management in Camera Guest Account
Publication date: 2025-12-26
Last updated on: 2025-12-26
Assigner: Hanwha Vision Co., Ltd.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hanwha | vision | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves inadequate permission management for the camera guest account, meaning that the guest account on certain cameras does not have properly restricted permissions, potentially allowing unauthorized access or actions.
How can this vulnerability impact me? :
The vulnerability could allow unauthorized users to access or control camera functions through the guest account, potentially leading to privacy breaches, unauthorized surveillance, or manipulation of camera operations.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch firmware released by the manufacturer to fix the inadequate permission management for the camera guest account. Refer to the manufacturer's report for detailed instructions and workarounds.