CVE-2025-66049
Published: 09 January 2026
Summary
CVE-2025-66049 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Vivotek IP7137 firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 21.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense Details
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Requires established identification and authentication to unlock, mitigating missing authentication for continued system access.
- Requiring identification and rationale for actions allowed without authentication ensures critical functions are not left unprotected by forcing review of authentication requirements.
- Authorizing mobile device connections to organizational systems ensures authentication is performed for this critical access function.
- Guarantees critical functions are protected by mandatory invocation of the access control mechanism.
- Auditing sessions makes it possible to detect access to critical functions without required authentication.
- The assessment process confirms authentication is present and effective for critical functions, preventing exploitation from missing authentication.
- Certification assesses that critical functions have required authentication controls in place.
- Disabling non-essential functions and services eliminates the need to secure them, reducing exposure from missing authentication on unnecessary components.
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Missing authentication on public RTSP service directly enables remote exploitation of a network-exposed device (T1190) to capture live video feeds (T1125).
NVD Description
Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security. The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.
Deeper analysis (AI)
CVE-2025-66049 is an information disclosure vulnerability affecting the Vivotek IP7137 IP camera running firmware version 0200a. The issue stems from a lack of authentication in the RTSP protocol service listening on TCP port 8554, enabling unauthorized access to live camera footage. This flaw, classified under CWE-306 (Missing Authentication for Critical Function), has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with low complexity and no privileges required.
Any attacker with network access to the affected camera can exploit this vulnerability by connecting to port 8554 via RTSP, bypassing authentication entirely to stream and view real-time video feeds. No user interaction or special privileges are needed, making it remotely exploitable over the network. Successful exploitation compromises user privacy and physical security by exposing potentially sensitive surveillance footage.
The sole advisory reference at https://cert.pl/posts/2026/01/CVE-2025-66049 notes that the vendor has not responded to the CNA, and all firmware versions may be affected. As the IP7137 has reached end-of-life, no patches or fixes are expected, leaving mitigation reliant on network segmentation, firewall rules blocking port 8554, or device replacement.
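Because no patch is expected, the practical defence is the segmentation the analysis describes: only the recorder/VMS hosts should ever reach TCP 8554 on the cameras, and anything else doing so is worth an alert. The following detector is an added illustration written for this page, not code from the advisory or from Vivotek; the camera subnet (10.20.5.0/24), the allowed viewer subnet (10.20.9.0/28) and the flow-log lines are constructed assumptions, and the log line format is a hypothetical one-connection-per-line layout.

```python
"""Flag connections that reach the unauthenticated RTSP service (TCP 8554)
on IP7137 cameras from hosts outside the approved monitoring segment.
Added example for CVE-2025-66049; addresses and log format are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Union

Address = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Port named in the NVD description. Add further ports here if the cameras
# in your deployment expose RTSP elsewhere as well.
RTSP_PORTS = {8554}

# Assumed deployment (constructed): cameras live in 10.20.5.0/24 and the only
# legitimate RTSP clients are the NVR/VMS hosts in 10.20.9.0/28.
CAMERA_NET = ipaddress.ip_network("10.20.5.0/24")
ALLOWED_VIEWERS = ipaddress.ip_network("10.20.9.0/28")

# Constructed flow-log sample, one connection per line:
#   <timestamp> <src>:<sport> -> <dst>:<dport> <proto>
SAMPLE_FLOWS = """\
2026-01-12T08:01:02Z 10.20.9.3:50122 -> 10.20.5.17:8554 tcp
2026-01-12T08:01:05Z 10.20.9.4:50123 -> 10.20.5.18:8554 tcp
2026-01-12T08:02:41Z 10.20.40.77:61001 -> 10.20.5.17:8554 tcp
2026-01-12T08:02:42Z 10.20.40.77:61002 -> 10.20.5.17:80 tcp
2026-01-12T08:03:10Z 192.0.2.55:44444 -> 10.20.5.18:8554 tcp
2026-01-12T08:03:15Z 10.20.9.3:50130 -> 10.20.5.17:554 tcp
"""


@dataclass(frozen=True)
class Flow:
    ts: str
    src: Address
    sport: int
    dst: Address
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Parse one line of the hypothetical flow-log format into a Flow."""
    ts, src, _arrow, dst, proto = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return Flow(
        ts,
        ipaddress.ip_address(src_ip),
        int(src_port),
        ipaddress.ip_address(dst_ip),
        int(dst_port),
        proto.lower(),
    )


def is_unauthorized_rtsp(flow: Flow) -> bool:
    """True when a camera's RTSP port is reached from outside the viewer segment."""
    return (
        flow.proto == "tcp"
        and flow.dport in RTSP_PORTS
        and flow.dst in CAMERA_NET
        and flow.src not in ALLOWED_VIEWERS
    )


def find_unauthorized_rtsp(log_text: str) -> List[Flow]:
    """Return every flow in the log that violates the segmentation policy."""
    alerts = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        flow = parse_flow(line)
        if is_unauthorized_rtsp(flow):
            alerts.append(flow)
    return alerts


def unauthorized_sources(log_text: str) -> List[str]:
    """Distinct offending source addresses, sorted, for a quick triage list."""
    return sorted({str(f.src) for f in find_unauthorized_rtsp(log_text)})


if __name__ == "__main__":
    for f in find_unauthorized_rtsp(SAMPLE_FLOWS):
        print(f"{f.ts} unauthorized RTSP: {f.src} -> {f.dst}:{f.dport}")
```

On the sample above the two flows from 10.20.40.77 and 192.0.2.55 to port 8554 are reported; the same source's HTTP connection and the recorder's connections are not. The same allow-list (viewer subnet to camera subnet, TCP 8554 only) is what the firewall rule in front of the camera VLAN should enforce, so the detector doubles as a check that the rule is actually in place.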
Details
- CWE(s)