Cyber Resilience

CVE-2025-25680

High · Public PoC · RCE

Published: 11 March 2025

Modified: 07 July 2025
KEV Added
Patch
CVSS Score v3.1: 7.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L)
EPSS Score: 0.0025 (48.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-25680 is a high-severity Code Injection (CWE-94) vulnerability in Lsc Ptz Dual Band Camera Firmware. Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 48.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-25680, published on 2025-03-11, is a remote code execution (RCE) vulnerability in the LSC Smart Connect LSC Indoor PTZ Camera version 7.6.32. The issue affects the tuya_ipc_direct_connect function within the anyka_ipc process, classified under CWE-94 (Improper Control of Generation of Code). It carries a CVSS v3.1 base score of 7.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L). The vulnerability enables arbitrary code execution through the Wi-Fi configuration process when a specially crafted QR code is presented to the camera.

An unauthenticated attacker (PR:N) can exploit this over a network vector (AV:N), though it requires high attack complexity (AC:H) and no specific user interaction (UI:N). By presenting the malicious QR code during the camera's Wi-Fi setup, the attacker achieves arbitrary code execution on the device, resulting in high confidentiality and integrity impacts (C:H/I:H) and low availability impact (A:L).

References for CVE-2025-25680 include two GitHub repositories from Yasha-ops: https://github.com/Yasha-ops/LSC_Indoor_PTZ_Camera-RCE, focused on the LSC Indoor PTZ Camera RCE, and https://github.com/Yasha-ops/vulnerability-research/tree/master/CVE-2025-25680, part of a vulnerability research tree. These sources provide details on the issue but do not specify official advisories, patches, or mitigation guidance.

EU & UK References

Vulnerability details

LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 contains an RCE vulnerability in the tuya_ipc_direct_connect function of the anyka_ipc process. The vulnerability allows arbitrary code execution through the Wi-Fi configuration process when a specially crafted QR code is presented to the camera.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

The RCE vulnerability in the network-accessible camera process (tuya_ipc_direct_connect), reached via crafted QR code input during setup, directly enables T1190 (Exploit Public-Facing Application) for initial access and facilitates T1059.004 (Unix Shell) for arbitrary command execution on the embedded Linux-based device.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-29955 (Shared CWE-94)
CVE-2024-55964 (Shared CWE-94)
CVE-2026-20045 (Shared CWE-94)
CVE-2025-67038 (Shared CWE-94)
CVE-2024-23921 (Shared CWE-94)
CVE-2024-53944 (Shared CWE-94)
CVE-2024-44722 (Shared CWE-94)
CVE-2026-25001 (Shared CWE-94)
CVE-2026-43680 (Shared CWE-94)
CVE-2024-54804 (Shared CWE-94)

Affected Assets

lsc
ptz dual band camera firmware
7.6.32

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the RCE vulnerability by requiring timely remediation of the flaw in the tuya_ipc_direct_connect function through patching or updates.

prevent

Prevents arbitrary code execution by enforcing validation of inputs from specially crafted QR codes during the Wi-Fi configuration process.

prevent

Establishes and enforces secure configuration settings for the anyka_ipc process and Wi-Fi setup to reduce the attack surface for QR code exploitation.

References