CVE-2025-65856
Published: 22 December 2025
Summary
CVE-2025-65856 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Xiongmaitech Xm530V200 X6-Weq 8M Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 46.7% of CVEs by exploit likelihood. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2025-65856 is an authentication bypass vulnerability in Xiongmai XM530 IP cameras running firmware version V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The flaw arises from the ONVIF implementation's failure to enforce authentication on 31 critical endpoints, enabling unauthenticated remote attackers to access sensitive device information and live video streams. Published on 2025-12-22, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-306 (Missing Authentication for Critical Function).
Unauthenticated remote attackers with network access to affected cameras can exploit this vulnerability with low complexity and no privileges or user interaction required. Exploitation allows direct unauthorized access to sensitive device data and live video streams, potentially exposing private surveillance footage and device configurations.
Advisories and further details on mitigation, including potential patches, are documented in the following references: http://hangzhou.com, http://ip.com, and https://luismirandaacebedo.github.io/CVE-2025-65856/.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-204762
Vulnerability details
Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an authentication bypass in a public-facing IP camera's ONVIF endpoints, directly enabling exploitation of a public-facing application for unauthorized access to sensitive data and video streams.
Mitigating Controls (NIST 800-53 r5)
Directly requires identifying, authorizing, and monitoring actions permitted without identification or authentication, preventing exposure of the 31 critical ONVIF endpoints lacking enforcement.
Mandates enforcement of approved access authorizations for system resources, directly countering the authentication bypass on sensitive device information and video streams.
Requires unique identification and authentication for non-organizational users, mitigating unauthenticated remote attacker access to the vulnerable IP camera endpoints.