CVE-2025-65857

Name of the Vulnerable Software and Affected Versions Xiongmai XM530 IP cameras version V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06

Description The GetStreamUri function exposes RTSP URIs that include hardcoded credentials, allowing unauthorized access to direct video streams. The affected device is an IP camera.

Recommendations Update to a newer firmware version that addresses this issue. As a temporary workaround, restrict network access to the camera to trusted networks only.