{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-52601","assignerOrgId":"fc9afe74-3f80-4fb7-a313-e6f036a89882","state":"PUBLISHED","assignerShortName":"Hanwha_Vision","dateReserved":"2025-06-18T07:10:49.611Z","datePublished":"2025-12-26T04:29:25.830Z","dateUpdated":"2025-12-26T19:27:44.838Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Device Manager","vendor":"Hanwha Vision Co., Ltd.","versions":[{"status":"affected","version":"prior to version 2.9.3.1"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<div><div>Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.</div></div>"}],"value":"Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds."}],"impacts":[{"capecId":"CAPEC-116","descriptions":[{"lang":"en","value":"CAPEC-116 Excavation"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":6.3,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-321","description":"CWE-321: Use of Hard-coded Cryptographic Key","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"fc9afe74-3f80-4fb7-a313-e6f036a89882","shortName":"Hanwha_Vision","dateUpdated":"2025-12-26T04:29:25.830Z"},"references":[{"url":"https://www.hanwhavision.com/wp-content/uploads/2025/12/Camera-Vulnerability-ReportCVE-2025-5259852601-8075.pdf"}],"source":{"discovery":"UNKNOWN"},"title":"Hardcoding sensitive information","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-26T19:27:38.620344Z","id":"CVE-2025-52601","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-26T19:27:44.838Z"}}]}}