CVE-2025-8760
Published: 13 August 2025
Summary
CVE-2025-8760 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in INSTAR 2K+ and 4K camera firmware, reported in a modzero advisory. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 22.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
A vulnerability identified as CVE-2025-8760 affects INSTAR 2K+ and 4K cameras running firmware version 3.11.1 Build 1124. It resides in the base64_decode function within the fcgi_server component, where improper handling of the Authorization argument triggers a buffer overflow. The flaw is reachable over the network and is tracked under CWE-119 and CWE-120, receiving a CVSS 4.0 score of 9.3 reflecting high impact on confidentiality, integrity, and availability.
Remote unauthenticated attackers can supply a crafted Authorization header to trigger the overflow, enabling arbitrary code execution or denial of service without user interaction. The attack requires no privileges and can be launched directly against exposed devices.
The EPSS score remains low and unchanged at 0.0101 with no observed rise after disclosure. Public references point to a modzero advisory and VulDB entries, but no specific patch or mitigation details are provided in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24545
Vulnerability details
A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to buffer overflow. It is possible to initiate the attack remotely.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated remote buffer overflow in network-exposed fcgi_server component directly enables initial access via exploitation of a public-facing application.
Mitigating Controls (NIST 800-53 r5)
Directly remediates the buffer overflow flaw in the base64_decode function of fcgi_server by identifying, patching, and verifying fixes.
Validates the Authorization argument at input points to block malformed base64 payloads that trigger the buffer overflow.
Deploys memory safeguards like ASLR and DEP to prevent unauthorized code execution through exploitation of the buffer overflow.
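A bounded decoder of the kind the input-validation control above calls for, shown as an added example; it is not INSTAR's code and is not taken from the modzero advisory. The function names, the `CRED_MAX` limit and the `Basic` header handling are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define CRED_MAX 128  /* assumed cap for a decoded "user:password" */

/* Map one base64 character to its 6-bit value, or -1 if invalid. */
static int b64_val(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Decode into out[cap]; returns the decoded length, or -1 if the input is
 * malformed or would not fit. The size is checked before any write. */
long b64_decode_bounded(const char *in, size_t in_len,
                        unsigned char *out, size_t cap)
{
    size_t pad = 0, out_len, i, o = 0;

    if (in_len == 0 || in_len % 4 != 0) return -1;
    if (in[in_len - 1] == '=') pad = (in[in_len - 2] == '=') ? 2 : 1;
    out_len = in_len / 4 * 3 - pad;
    if (out_len > cap) return -1;              /* reject, never truncate */

    for (i = 0; i < in_len; i += 4) {
        unsigned long w = 0;
        for (int k = 0; k < 4; k++) {
            int v = 0;
            /* '=' is only legal in the last `pad` positions */
            if (!(in[i + k] == '=' && i + k >= in_len - pad) &&
                (v = b64_val((unsigned char)in[i + k])) < 0) return -1;
            w = w << 6 | (unsigned long)v;
        }
        if (o < out_len) out[o++] = (unsigned char)(w >> 16);
        if (o < out_len) out[o++] = (unsigned char)(w >> 8);
        if (o < out_len) out[o++] = (unsigned char)w;
    }
    return (long)out_len;
}

/* Hypothetical caller: decode "Basic <b64>" into cred[CRED_MAX]. */
long parse_basic_auth(const char *hdr, unsigned char *cred)
{
    if (strncmp(hdr, "Basic ", 6) != 0) return -1;
    return b64_decode_bounded(hdr + 6, strlen(hdr + 6), cred, CRED_MAX);
}
```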