CVE-2025-69986

High

Published: 27 March 2026

Modified: 30 March 2026
CVSS Score v3.1: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0020 (42.6th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-69986 is a high-severity Improper Input Validation (CWE-20) vulnerability. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 42.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A buffer overflow vulnerability, designated CVE-2025-69986, affects the ONVIF GetStreamUri function in LSC Indoor Camera version V7.6.32. The flaw arises from the application's failure to properly validate the length of the Protocol parameter within the Transport element of a SOAP request. An oversized protocol string in a specially crafted request can trigger a stack buffer overflow, overwriting the return instruction pointer (RIP) and leading to either denial of service through device crash or remote code execution within the context of the ONVIF service. The vulnerability is associated with CWE-20 (Improper Input Validation) and CWE-121 (Stack-based Buffer Overflow), with a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Exploitation requires network access and high privileges (PR:H), allowing a privileged attacker to send the malicious SOAP request over the network with low complexity and no user interaction. Successful exploitation can result in denial of service by crashing the device or remote code execution with high confidentiality, integrity, and availability impacts in the ONVIF service context.

Details on the vulnerability, including the security research, are available in the advisory at https://github.com/victorGoeman/LSC-Indoor-Camera-Security-Research/blob/main/CVE-2025-69986.md. No specific patches or mitigations are detailed in the provided information.

Vulnerability details

A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.32. The application fails to validate the length of the Protocol parameter inside the Transport element. By sending a specially crafted SOAP request containing an oversized protocol string, an attacker can overflow the stack buffer, overwriting the return instruction pointer (RIP). This vulnerability allows for Denial of Service (DoS) via device crash or Remote Code Execution (RCE) in the context of the ONVIF service.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in network-exposed ONVIF SOAP service directly enables remote exploitation for RCE or DoS on a public-facing device.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-4755: Shared CWE-20
CVE-2025-69764: Shared CWE-121
CVE-2025-54491: Shared CWE-121
CVE-2025-12275: Shared CWE-20
CVE-2024-50694: Shared CWE-121
CVE-2025-70232: Shared CWE-121
CVE-2025-21344: Shared CWE-20
CVE-2025-28135: Shared CWE-121
CVE-2026-2880: Shared CWE-20
CVE-2025-1514: Shared CWE-20

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly addresses the improper input validation of the Protocol parameter length in ONVIF SOAP requests, preventing the stack buffer overflow.

Prevent: Provides memory protections such as stack canaries or DEP to mitigate exploitation of the buffer overflow for RCE by preventing control flow hijacking.

Prevent: Requires identification, reporting, and correction of the buffer overflow flaw in the ONVIF GetStreamUri function through timely patching or remediation.
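
One way to implement the input-validation control for the Protocol value, shown as an added example (not the vendor's firmware code or code from the advisory). The function names, the status codes and the `tt:` namespace prefix are assumptions of this example; the allowlist holds the four values of the ONVIF `tt:TransportProtocol` enumeration.

```c
#include <stddef.h>
#include <string.h>

/* Values of tt:TransportProtocol in the ONVIF schema. */
static const char *const ALLOWED[] = { "UDP", "TCP", "RTSP", "HTTP" };

enum { PROTO_OK = 0, PROTO_MISSING = -1, PROTO_TOO_LONG = -2, PROTO_UNKNOWN = -3 };

/* Validate a Protocol value given as pointer + length (not NUL-terminated),
 * then copy it into dst. Oversized input is rejected, never truncated. */
int copy_protocol(char *dst, size_t dst_size, const char *val, size_t len)
{
    if (dst == NULL || dst_size == 0 || val == NULL)
        return PROTO_MISSING;
    dst[0] = '\0';
    if (len >= dst_size)                 /* length check before any copy */
        return PROTO_TOO_LONG;
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++) {
        if (strlen(ALLOWED[i]) == len && memcmp(ALLOWED[i], val, len) == 0) {
            memcpy(dst, val, len);       /* len < dst_size, room for NUL */
            dst[len] = '\0';
            return PROTO_OK;
        }
    }
    return PROTO_UNKNOWN;                /* fits, but not a schema value */
}

/* Hypothetical helper: locate the Protocol element text in a NUL-terminated
 * request body and pass it through copy_protocol(). */
int protocol_from_body(const char *body, char *dst, size_t dst_size)
{
    static const char open_tag[] = "<tt:Protocol>";
    static const char close_tag[] = "</tt:Protocol>";
    const char *start = body ? strstr(body, open_tag) : NULL;
    if (start == NULL)
        return PROTO_MISSING;
    start += sizeof open_tag - 1;
    const char *end = strstr(start, close_tag);
    if (end == NULL)
        return PROTO_MISSING;
    return copy_protocol(dst, dst_size, start, (size_t)(end - start));
}
```

Rejecting on length and on allowlist mismatch keeps the destination buffer small and fixed, and gives the service a distinct status code to log when a malformed request arrives.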
