CVE-2025-64770 HIGH

CVE-2025-64770: Missing Authentication for ONVIF in iCam Cameras

Vendor Icam365
Product P201
Weakness CWE-306 · Missing auth
Published November 20, 2025
Last update November 21, 2025

CVSS base score

7.0/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The affected products allow unauthenticated access to Open Network Video Interface Forum (ONVIF) services, which may allow an attacker unauthorized access to camera configuration information.

Key dates

02Disclosure timeline

November 20, 2025 CVE published
November 21, 2025 Record updated