Cyber Resilience

CVE-2025-2121

MediumPublic PoC

Published: 09 March 2025

Published
09 March 2025
Modified
22 July 2025
KEV Added
Patch
CVSS Score v4 5.3 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0003 10.2th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-2121 is a medium-severity Incorrect Privilege Assignment (CWE-266) vulnerability in Thinkware F800 Pro Firmware. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 10.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2025-2121 is a vulnerability classified as critical in Thinkware Car Dashcam F800 Pro versions up to 20250226, affecting an unknown function within the File Storage component. The issue stems from improper access controls (mapped to CWE-266 and CWE-284), allowing manipulation that bypasses intended restrictions. It carries a CVSS v3.1 base score of 6.3 (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating medium severity despite the critical classification in advisories.

Attackers on the adjacent local network (AV:A) can exploit this without privileges (PR:N) or user interaction (UI:N), requiring low complexity (AC:L). Successful exploitation grants low-level impacts on confidentiality, integrity, and availability (C:L/I:L/A:L) of the file storage, potentially allowing unauthorized read, modification, or disruption of stored data. No privileges or scope changes are needed, making it feasible for nearby adversaries with network access, such as in parking lots or garages.

VulDB advisories detail the issue and note that the vendor was contacted early but provided no response, with no patches or official mitigations mentioned. The exploit has been publicly disclosed via a GitHub repository (geo-chen/Thinkware-Dashcam), increasing the risk of use by attackers. Security practitioners should isolate dashcam devices from untrusted networks and monitor for firmware updates, though none are confirmed available.

EU & UK References

Vulnerability details

A vulnerability classified as critical has been found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected is an unknown function of the component File Storage. The manipulation leads to improper access controls. The attack can only be done…

more

within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Improper access controls on file storage enable local network attackers to write arbitrary files or malware, facilitating exploitation of remote services (T1210), potential privilege escalation via implanted payloads (T1068), and ingress tool transfer (T1105).

CVEs Like This One

CVE-2026-2206Shared CWE-266, CWE-284
CVE-2025-8795Shared CWE-266, CWE-284
CVE-2025-2549Shared CWE-266, CWE-284
CVE-2026-2075Shared CWE-266, CWE-284
CVE-2024-13200Shared CWE-266, CWE-284
CVE-2026-3796Shared CWE-266, CWE-284
CVE-2026-9517Shared CWE-266, CWE-284
CVE-2026-21262Shared CWE-284
CVE-2026-21667Shared CWE-284
CVE-2025-54968Shared CWE-284

Affected Assets

thinkware
f800 pro firmware
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces approved authorizations for access to the file storage component, preventing unauthorized manipulation due to improper access controls.

preventdetect

Monitors and controls network communications at system boundaries, blocking unauthorized adjacent local network access to the vulnerable file storage function.

prevent

Applies least privilege to restrict access rights on file storage, mitigating incorrect privilege assignments exploited over the local network.

References