CVE-2025-35451
Published: 05 September 2025
Summary
CVE-2025-35451 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Ptzoptics Pt12X-Sdi-Xx-G2 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001); ranked at the 37.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and IA-5 (Authenticator Management).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
IA-5 directly mandates changing default authenticators and managing passwords, comprehensively addressing the hard-coded, crackable credentials that enable unauthorized access.
AC-2 requires managing accounts by disabling unnecessary or default administrative accounts, preventing exploitation of persistent hard-coded credentials.
SC-7 enforces boundary protection to monitor and control network communications, blocking remote access to exposed SSH and Telnet services on all interfaces.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Hard-coded default credentials on exposed SSH/Telnet directly enable Valid Accounts (Default Accounts) and External Remote Services for initial access and remote code execution.
NVD Description
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH…
more
or telnet service be disabled by the user.
Deeper analysisAI
CVE-2025-35451 is a critical vulnerability (CVSS 9.8) involving the use of hard-coded, default administrative credentials (CWE-798) in PTZOptics cameras and possibly other ValueHD-based pan-tilt-zoom cameras. These credentials have passwords that can be readily cracked, and many affected devices expose SSH or Telnet services listening on all interfaces. Users cannot change the passwords or disable these services, leaving the devices persistently vulnerable to unauthorized access.
Remote attackers require no privileges, authentication, or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation grants administrative access via SSH or Telnet, enabling high-impact confidentiality, integrity, and availability violations, such as full remote code execution or device takeover.
CISA's ICS Advisory ICSA-25-162-10 provides detailed mitigation guidance for this vulnerability. Additional information is available in the official CVE record and related GreyNoise reports.
GreyNoise Intelligence discovered this and related zero-day vulnerabilities in live-streaming cameras using AI assistance, highlighting real-world risks in operational technology environments.
Details
- CWE(s)