CVE-2025-13658 CRITICAL

CVE-2025-13658: Industrial Video & Control Longwatch has a Code Injection vulnerability

Vendor Industrial Video & Control
Product Longwatch
Weakness CWE-94 · Code injection
Published December 2, 2025
Last update December 2, 2025

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.

Key dates

02Disclosure timeline

December 2, 2025 CVE published
December 2, 2025 Record updated