{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-35451","assignerOrgId":"9119a7d8-5eab-497f-8521-727c672e3725","state":"PUBLISHED","assignerShortName":"cisa-cg","dateReserved":"2025-04-15T20:57:14.282Z","datePublished":"2025-09-05T17:43:53.108Z","dateUpdated":"2025-09-08T18:08:29.882Z"},"containers":{"cna":{"descriptions":[{"lang":"en","value":"PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user."}],"affected":[{"vendor":"PTZOptics","product":"PT12X-SE-xx-G3","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"9.1.43","versionType":"custom"},{"version":"9.1.43","status":"unaffected"}]},{"vendor":"PTZOptics","product":"PT12X-LINK-4K-xx","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"0.0.63","versionType":"custom"},{"version":"0.0.63","status":"unaffected"}]},{"vendor":"PTZOptics","product":"PT20X-SE-xx-G3","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"9.1.32","versionType":"custom"},{"version":"9.1.32","status":"unaffected"}]},{"vendor":"PTZOptics","product":"PT20X-LINK-4K-xx","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"0.0.89","versionType":"custom"},{"version":"0.0.89","status":"unaffected"}]},{"vendor":"PTZOptics","product":"PT-STUDIOPRO","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"9.0.41","versionType":"custom"},{"version":"9.0.41","status":"unaffected"}]},{"vendor":"PTZOptics","product":"PT30X-SE-xx-G3","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"9.1.33","versionType":"custom"},{"version":"9.1.33","status":"unaffected"}]},{"vendor":"PTZOptics","product":"PT30X-LINK-4K-xx","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"2.0.71","versionType":"custom"},{"version":"2.0.71","status":"unaffected"}]},{"vendor":"PTZOptics","product":"PT12X-STUDIO-4K-xx-G3","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"8.1.90","versionType":"custom"},{"version":"8.1.90","status":"unaffected"}]},{"vendor":"PTZOptics","product":"PT20X-STUDIO-4K-xx-G3","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"8.1.90","versionType":"custom"},{"version":"8.1.90","status":"unaffected"}]},{"vendor":"PTZOptics","product":"PT12X-SDI/NDI-xx","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"6.3.70","versionType":"custom"},{"version":"6.3.70","status":"unaffected"}]},{"vendor":"PTZOptics","product":"PT12X-USB-xx","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"6.2.88","versionType":"custom"},{"version":"6.2.88","status":"unaffected"}]},{"vendor":"PTZOptics","product":"PT20X-SDI/NDI-xx","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"6.3.27","versionType":"custom"},{"version":"6.3.27","status":"unaffected"}]},{"vendor":"SMTAV","product":"Pan-Tilt-Zoom Cameras","defaultStatus":"unknown","versions":[{"version":"*","status":"affected"}]},{"vendor":"PTZOptics","product":"PT30X-SDI/NDI-xx","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"6.3.43","versionType":"custom"},{"version":"6.3.43","status":"unaffected"}]},{"vendor":"multiCAM Systems","product":"Pan-Tilt-Zoom Cameras","defaultStatus":"unknown","versions":[{"version":"*","status":"affected"}]},{"vendor":"PTZOptics","product":"VL Fixed Camera/NDI Fixed Camera","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"7.2.94","versionType":"custom"},{"version":"7.2.94","status":"unaffected"}]},{"vendor":"PTZOptics","product":"12x Fixed Camera/NDI Fixed Camera","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"7.2.85","versionType":"custom"},{"version":"7.2.85","status":"unaffected"}]},{"vendor":"PTZOptics","product":"20x Fixed Camera/NDI Fixed Camera","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"7.2.94","versionType":"custom"},{"version":"7.2.94","status":"unaffected"}]},{"vendor":"PTZOptics","product":"EPTZ Fixed Camera/NDI Fixed Camera","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"8.1.89","versionType":"custom"},{"version":"8.1.89","status":"unaffected"}]},{"vendor":"PTZOptics","product":"HC-EPTZ-NDI","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"8.2.14","versionType":"custom"},{"version":"8.2.14","status":"unaffected"}]},{"vendor":"PTZOptics","product":"PT12X-4K-xx-G3","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"0.0.58","versionType":"custom"},{"version":"0.0.58","status":"unaffected"}]},{"vendor":"PTZOptics","product":"PT20X-4K-xx-G3","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"0.0.85","versionType":"custom"},{"version":"0.0.85","status":"unaffected"}]},{"vendor":"PTZOptics","product":"PT20X-USB-xx","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"6.2.81","versionType":"custom"},{"version":"6.2.81","status":"unaffected"}]},{"vendor":"PTZOptics","product":"PT30X-4K-xx-G3","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"2.0.64","versionType":"custom"},{"version":"2.0.64","status":"unaffected"}]},{"vendor":"ValueHD","product":"Pan-Tilt-Zoom Cameras","defaultStatus":"unknown","versions":[{"version":"*","status":"affected"}]}],"problemTypes":[{"descriptions":[{"description":"CWE-798 Use of Hard-coded Credentials","lang":"en","type":"CWE","cweId":"CWE-798"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":9.8,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"cvssV4_0":{"version":"4.0","baseScore":9.3,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","userInteraction":"NONE","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","subIntegrityImpact":"NONE","vulnIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnConfidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-09-08T17:57:46.995811Z","id":"CVE-2025-35451","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"Pan-Tilt-Zoom cameras hard-coded default passwords with SSH and telnet enabled","references":[{"name":"url","url":"https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10"},{"name":"url","url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.json"},{"name":"url","url":"https://www.cve.org/CVERecord?id=CVE-2025-35451"},{"name":"url","url":"https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/"},{"name":"url","url":"https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai"}],"datePublic":"2025-06-12T00:00:00.000Z","providerMetadata":{"orgId":"9119a7d8-5eab-497f-8521-727c672e3725","shortName":"cisa-cg","dateUpdated":"2025-09-08T17:58:14.754Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-08T18:08:16.124259Z","id":"CVE-2025-35451","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-08T18:08:29.882Z"}}]}}