Cyber Resilience

CVE-2025-8760

Critical

Published: 13 August 2025

Modified: 15 April 2026
KEV Added:
Patch:
CVSS Score v4: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0101 (77.5th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-8760 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Modzero (inferred from references). Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 22.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

A vulnerability identified as CVE-2025-8760 affects INSTAR 2K+ and 4K cameras running firmware version 3.11.1 Build 1124. It resides in the base64_decode function within the fcgi_server component, where improper handling of the Authorization argument triggers a buffer overflow. The flaw is reachable over the network and is tracked under CWE-119 and CWE-120, receiving a CVSS 4.0 score of 9.3 reflecting high impact on confidentiality, integrity, and availability.

Remote unauthenticated attackers can supply a crafted Authorization header to trigger the overflow, enabling arbitrary code execution or denial of service without user interaction. The attack requires no privileges and can be launched directly against exposed devices.

The EPSS score remains low and unchanged at 0.0101 with no observed rise after disclosure. Public references point to a modzero advisory and VulDB entries, but no specific patch or mitigation details are provided in the available information.

Vulnerability details

A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to buffer overflow. It is possible to initiate the attack remotely.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated remote buffer overflow in network-exposed fcgi_server component directly enables initial access via exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-11296: Shared CWE-119, CWE-120
CVE-2025-10942: Shared CWE-119, CWE-120
CVE-2026-8775: Shared CWE-119, CWE-120
CVE-2026-1328: Shared CWE-119, CWE-120
CVE-2026-3701: Shared CWE-119, CWE-120
CVE-2025-15459: Shared CWE-119, CWE-120
CVE-2025-11356: Shared CWE-119, CWE-120
CVE-2026-8260: Shared CWE-119, CWE-120
CVE-2026-2202: Shared CWE-119, CWE-120
CVE-2025-12232: Shared CWE-119, CWE-120

Affected Assets

Modzero
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent

Directly remediates the buffer overflow flaw in the base64_decode function of fcgi_server by identifying, patching, and verifying fixes.

prevent

Validates the Authorization argument at input points to block malformed base64 payloads that trigger the buffer overflow.

prevent

Deploys memory safeguards such as ASLR and DEP to prevent unauthorized code execution through exploitation of the buffer overflow.
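
As an added illustration of the input-validation control above (not code from the INSTAR firmware or the referenced advisory), this C example decodes a base64 credential from an Authorization header into a fixed-size buffer and rejects the input before writing any byte if the decoded length would exceed the buffer. The function names, the "Basic" scheme and the buffer sizes are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* 6-bit value of one base64 character, or -1 if outside the alphabet. */
static int b64_val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Decode src_len chars into dst (dst_cap bytes). Returns the decoded length,
 * or -1 if the input is malformed or the output would not fit. */
long b64_decode_bounded(const char *src, size_t src_len,
                        unsigned char *dst, size_t dst_cap) {
    if (src_len == 0 || src_len % 4 != 0) return -1;
    size_t pad = 0;
    if (src[src_len - 1] == '=') pad = (src[src_len - 2] == '=') ? 2 : 1;
    size_t out_len = src_len / 4 * 3 - pad;
    if (out_len > dst_cap) return -1;   /* size check before any write */
    size_t o = 0;
    for (size_t i = 0; i < src_len; i += 4) {
        unsigned long v = 0;
        for (size_t k = i; k < i + 4; k++) {
            /* '=' is accepted only in the trailing pad positions */
            int d = (src[k] == '=' && k >= src_len - pad)
                        ? 0 : b64_val((unsigned char)src[k]);
            if (d < 0) return -1;
            v = (v << 6) | (unsigned long)d;
        }
        if (o < out_len) dst[o++] = (unsigned char)(v >> 16);
        if (o < out_len) dst[o++] = (unsigned char)(v >> 8);
        if (o < out_len) dst[o++] = (unsigned char)v;
    }
    return (long)out_len;
}

/* Assumed header form: "Basic <base64>". Fills cred (NUL-terminated).
 * Returns 0 on success, -1 to reject the request. */
int parse_basic_auth(const char *hdr, char *cred, size_t cred_cap) {
    static const char scheme[] = "Basic ";
    if (cred_cap == 0 || strncmp(hdr, scheme, sizeof scheme - 1) != 0) return -1;
    const char *b64 = hdr + sizeof scheme - 1;
    long n = b64_decode_bounded(b64, strlen(b64), (unsigned char *)cred, cred_cap - 1);
    if (n < 0) return -1;
    cred[n] = '\0';
    return 0;
}
```

The caller passes the real capacity of its destination buffer, so a header whose decoded form is larger than that buffer is refused rather than truncated or copied past the end.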
