CVE-2025-1739
Published: 27 February 2025
Summary
CVE-2025-1739 is a high-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Incibe (inferred from references). Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 12.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-8 (Identification and Authentication (Non-organizational Users)).
Deeper analysis
CVE-2025-1739 is an authentication bypass vulnerability (CWE-288) in Trivision Camera NC227WF version 5.8.0 from Trivision Security. The issue enables an attacker to retrieve administrator credentials in cleartext by sending a request to the "/en/player/activex_pal.asp" endpoint using curl with random credentials, which successfully authenticates the application. Published on 2025-02-27, it carries a CVSS v3.1 base score of 7.1 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).
An unauthenticated attacker (PR:N) with adjacent network access (AV:A) can exploit this vulnerability with low complexity (AC:L) and no user interaction (UI:N). Successful exploitation allows retrieval of administrator credentials in cleartext, resulting in high confidentiality impact (C:H), low integrity impact (I:L), and no availability impact (A:N), effectively bypassing authentication controls.
The INCIBE-CERT advisory on multiple vulnerabilities in Trivision Camera NC227WF, available at https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-trivision-camera-nc227wf, provides further details on this and related issues.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-5470
- 🇪🇸 INCIBE: www.incibe.es
Vulnerability details
An Authentication Bypass vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity. This vulnerability allows an attacker to retrieve administrator's credentials in cleartext by sending a request against the server using curl with random credentials to "/en/player/activex_pal.asp" and…
more
successfully authenticating the application.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Auth bypass on exposed camera endpoint directly enables T1190 exploitation for initial access and exposes cleartext admin credentials matching T1552.001.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires the system to enforce approved authorizations for logical access to endpoints like /en/player/activex_pal.asp, directly preventing authentication bypass and unauthorized credential retrieval.
Mandates identification and authentication for non-organizational users accessing the camera system, countering the vulnerability that allows random credentials to bypass authentication.
Requires timely identification, reporting, and correction of flaws like this authentication bypass, eliminating the specific vulnerability through patching or remediation.