CVE-2025-12636 MEDIUM

CVE-2025-12636: Ubia Ubox

Vendor Ubia
Product Ubox Android
Weakness CWE-522 · Insufficiently protected credentials
Published November 6, 2025
Last update January 28, 2026

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings.

Key dates

02Disclosure timeline

November 6, 2025 CVE published
January 28, 2026 Record updated