CVE-2025-25680

Name of the Vulnerable Software and Affected Versions: LSC Smart Connect LSC Indoor PTZ Camera version 7.6.32

Description: The issue concerns a remote code execution (RCE) vulnerability in the tuya ipc direct connect function of the anyka ipc process. This vulnerability allows for arbitrary code execution through the Wi-Fi configuration process when a specially crafted QR code is presented to the camera.

Recommendations: For LSC Smart Connect LSC Indoor PTZ Camera version 7.6.32, as a temporary workaround, consider disabling the tuya ipc direct connect function until a patch is available. Restrict access to the Wi-Fi configuration process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.