PT-2025-52686 · Xiongmai+1 · Xiongmai Xm530+1
Luis Miranda Acebedo · Published 2025-12-22 · Updated 2026-04-25 · CVE-2025-65856
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Xiongmai XM530 IP cameras version V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06
Description
An authentication bypass issue exists in Xiongmai XM530 IP cameras. This allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation does not enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access.
Recommendations
Update Xiongmai XM530 IP cameras to a version that addresses this authentication bypass once one is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Onvif
Xiongmai Xm530