CVE-2025-30111

High

Published: 18 March 2025

Published

18 March 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0031 54.2th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-30111 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Iroad Dashcam (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-14 Permitted Actions Without Identification or Authentication good match

prevent

Explicitly identifies and authorizes only specific actions without identification or authentication, preventing unauthorized access to video dump and live stream endpoints.

AC-3 Access Enforcement good match

prevent

Enforces approved authorizations for logical access to system resources, requiring authentication to block exploitation of unauthenticated video endpoints.

SC-14 Public Access Protections good match

prevent

Provides protections for publicly accessible interfaces to prevent unauthorized access and disclosure of sensitive video footage and live streams.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

Why these techniques?

Missing authentication on exposed endpoints enables remote exploitation of public-facing application (T1190); directly facilitates unauthorized collection of video files and streams from local system storage (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam exposes endpoints that allow unauthorized users, who gained access through other means, to list and download recorded videos, as well as access live…

video streams without proper authentication.

Deeper analysisAI

CVE-2025-30111 is a missing authentication vulnerability (CWE-306) affecting IROAD v9 dashcam devices. The flaw exposes endpoints that permit listing and downloading of recorded video footage as well as access to live video streams without proper authentication. Published on March 18, 2025, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity due to significant confidentiality impact.

Attackers with network access to the device can exploit this vulnerability remotely without privileges or user interaction. The description notes that unauthorized users who have gained access through other means—such as the device being exposed online or on an accessible network—can directly dump video footage and live streams, compromising sensitive surveillance data.

References include a GitHub repository at https://github.com/geo-chen/IROAD-V, likely containing proof-of-concept details, and a product page at https://iroad-dashcam.nl/iroad/iroad-x5/ for the affected IROAD X5 model. No specific mitigation or patch information is detailed in the available data.