CVE-2025-12351 MEDIUM

CVE-2025-12351: Inadequate access control measure allows unauthorized users to access restricted administrative functions

Vendor Honeywell
Product S35 3M/5M/8M/Pinhole/Kit Camera
Weakness CWE-639 · IDOR
Published October 27, 2025
Last update October 27, 2025

CVSS base score

6.8/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of this product, service or offering (S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye & Dual Sensor/Micro Dome/Full Color Eyeball & Bullet Camera to version 2025.08.22, S35 Thermal Camera to version 2025.08.26).

Key dates

02Disclosure timeline

October 27, 2025 CVE published
October 27, 2025 Record updated