CVE-2025-31702 MEDIUM

CVE-2025-31702

Vendor Dahua
Product IPC
Weakness CWE-732
Published October 15, 2025
Last update October 15, 2025

CVSS base score

6.8/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may cause tampering with admin password, leading to privilege escalation. Systems with only admin account are not affected.

Key dates

02Disclosure timeline

October 15, 2025 CVE published
October 15, 2025 Record updated