CVE-2025-69986
Published: 27 March 2026
Summary
CVE-2025-69986 is a high-severity Improper Input Validation (CWE-20) vulnerability. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 42.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A buffer overflow vulnerability, designated CVE-2025-69986, affects the ONVIF GetStreamUri function in LSC Indoor Camera version V7.6.32. The flaw arises from the application's failure to properly validate the length of the Protocol parameter within the Transport element of a SOAP request. An oversized protocol string in a specially crafted request can trigger a stack buffer overflow, overwriting the return instruction pointer (RIP) and leading to either denial of service through device crash or remote code execution within the context of the ONVIF service. The vulnerability is associated with CWE-20 (Improper Input Validation) and CWE-121 (Stack-based Buffer Overflow), with a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Exploitation requires network access and high privileges (PR:H), allowing a privileged attacker to send the malicious SOAP request over the network with low complexity and no user interaction. Successful exploitation can result in denial of service by crashing the device or remote code execution with high confidentiality, integrity, and availability impacts in the ONVIF service context.
Details on the vulnerability, including the security research, are available in the advisory at https://github.com/victorGoeman/LSC-Indoor-Camera-Security-Research/blob/main/CVE-2025-69986.md. No specific patches or mitigations are detailed in the provided information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-209095
Vulnerability details
A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.32. The application fails to validate the length of the Protocol parameter inside the Transport element. By sending a specially crafted SOAP request containing an oversized…
more
protocol string, an attacker can overflow the stack buffer, overwriting the return instruction pointer (RIP). This vulnerability allows for Denial of Service (DoS) via device crash or Remote Code Execution (RCE) in the context of the ONVIF service.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in network-exposed ONVIF SOAP service directly enables remote exploitation for RCE or DoS on a public-facing device.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly addresses the improper input validation of the Protocol parameter length in ONVIF SOAP requests, preventing the stack buffer overflow.
Provides memory protections such as stack canaries or DEP to mitigate exploitation of the buffer overflow for RCE by preventing control flow hijacking.
Requires identification, reporting, and correction of the buffer overflow flaw in the ONVIF GetStreamUri function through timely patching or remediation.