PT-2025-42916 · Unknown · Cloudedge Cloud
Published
2025-10-21
·
Updated
2025-10-21
·
CVE-2025-11757
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
CloudEdge Cloud (affected versions not specified)
Description
The CloudEdge Cloud does not properly sanitize the MQTT topic input. This allows an attacker to use the MQTT wildcard functionality to subscribe to topics and receive messages intended for other users. These messages may contain credentials and key information used to connect to cameras. An attacker could potentially obtain this information and gain unauthorized access to cameras.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Neutralization of Wildcards
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cloudedge Cloud