CVE-2025-2121

MediumPublic PoC

Published: 09 March 2025

Published

09 March 2025

Modified

22 July 2025

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0003 9.7th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-2121 is a medium-severity Incorrect Privilege Assignment (CWE-266) vulnerability in Thinkware F800 Pro Firmware. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 9.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-7 (Boundary Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match

prevent

Directly enforces approved authorizations for access to the file storage component, preventing unauthorized manipulation due to improper access controls.

SC-7 Boundary Protection good match

preventdetect

Monitors and controls network communications at system boundaries, blocking unauthorized adjacent local network access to the vulnerable file storage function.

AC-6 Least Privilege partial match

prevent

Applies least privilege to restrict access rights on file storage, mitigating incorrect privilege assignments exploited over the local network.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

T1105 Ingress Tool Transfer Command And Control

Adversaries may transfer tools or other files from an external system into a compromised environment.

attack.mitre.org →

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

Why these techniques?

Improper access controls on file storage enable local network attackers to write arbitrary files or malware, facilitating exploitation of remote services (T1210), potential privilege escalation via implanted payloads (T1068), and ingress tool transfer (T1105).

NVD Description

A vulnerability classified as critical has been found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected is an unknown function of the component File Storage. The manipulation leads to improper access controls. The attack can only be done…

within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2025-2121 is a vulnerability classified as critical in Thinkware Car Dashcam F800 Pro versions up to 20250226, affecting an unknown function within the File Storage component. The issue stems from improper access controls (mapped to CWE-266 and CWE-284), allowing manipulation that bypasses intended restrictions. It carries a CVSS v3.1 base score of 6.3 (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating medium severity despite the critical classification in advisories.

Attackers on the adjacent local network (AV:A) can exploit this without privileges (PR:N) or user interaction (UI:N), requiring low complexity (AC:L). Successful exploitation grants low-level impacts on confidentiality, integrity, and availability (C:L/I:L/A:L) of the file storage, potentially allowing unauthorized read, modification, or disruption of stored data. No privileges or scope changes are needed, making it feasible for nearby adversaries with network access, such as in parking lots or garages.

VulDB advisories detail the issue and note that the vendor was contacted early but provided no response, with no patches or official mitigations mentioned. The exploit has been publicly disclosed via a GitHub repository (geo-chen/Thinkware-Dashcam), increasing the risk of use by attackers. Security practitioners should isolate dashcam devices from untrusted networks and monitor for firmware updates, though none are confirmed available.

Details

CWE(s): CWE-266 CWE-284 NVD-CWE-noinfo

Affected Products

thinkware

f800 pro firmware

all versions

CVEs Like This One

CVE-2025-8795Shared CWE-266, CWE-284

CVE-2025-2549Shared CWE-266, CWE-284

CVE-2026-2206Shared CWE-266, CWE-284

CVE-2026-2075Shared CWE-266, CWE-284

CVE-2024-13200Shared CWE-266, CWE-284

CVE-2026-3796Shared CWE-266, CWE-284

CVE-2025-54968Shared CWE-284

CVE-2026-21667Shared CWE-284

CVE-2026-32922Shared CWE-266

CVE-2025-48983Shared CWE-284

References

https://github.com/geo-chen/Thinkware-Dashcam
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.299034
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.299034
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.507328
Third Party Advisory, VDB Entry · cna@vuldb.com
https://github.com/geo-chen/Thinkware-Dashcam
Exploit, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0