How to fix CVE-2025-35451?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Audit authentication configurations and rotate any potentially compromised credentials.

Is Pt12X Sdi Xx G2 Firmware affected by CVE-2025-35451?

CVE-2025-35451 presents critical security risk, a hard-coded credentials vulnerability rated CVSS 9.3. Successful exploitation could allow attackers to execute arbitrary code or commands on affected systems, potentially leading to full system compromise.

CVE-2025-35451

CRITICAL

2025-09-05 9119a7d8-5eab-497f-8521-727c672e3725

Authentication Bypass Pt12X Sdi Xx G2 Firmware Pt12X Ndi Xx Firmware Pt12X Usb Xx G2 Firmware Pt20X Sdi Xx G2 Firmware Pt20X Ndi Xx Firmware Pt20X Usb Xx G2 Firmware Pt30X Sdi Xx G2 Firmware Pt30X Ndi Xx Firmware Pt12X Zcam Firmware Pt20X Zcam Firmware Ptvl Zcam Firmware Pteptz Zcam G2 Firmware Pteptz Ndi Zcam G2 Firmware Vl Fixed Camera Firmware Ndi Fixed Camera Firmware Mcamii Ptz Firmware Ba30S Firmware Ba20S Firmware Bv20S Firmware Bx30S Firmware Bx20N Firmware Bx20Uhd N Firmware Bx20Uhd Firmware Ba30 N Firmware Ba20 N Firmware Ba12 N Firmware Hd17H N Firmware Bx20S Sh Firmware Hd17H Firmware Bv30S Firmware Ba12S Firmware Vx90 Firmware Vx720L Firmware Vx752Ag Firmware Vx752A Firmware Vx751Ba Firmware Vx630Al Firmware Vx61Asl Firmware Vx61Basl Firmware Vx60Asl Firmware Vx61Al Firmware Vx60Al Firmware Vx701Ra Firmware Vx701Ta Firmware Vx800I2 Firmware V61W Firmware V63Xl Firmware V60Xl Firmware Vx70Uvs Firmware Vx71Uvs Firmware V71Uvs Firmware

9.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:10 vuln.today

PoC Detected

Jan 14, 2026 - 15:33 vuln.today

Public exploit code

CVE Published

Sep 05, 2025 - 18:15 nvd

CRITICAL 9.3

DescriptionNVD

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.

AnalysisAI

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user. Affected products include: Ptzoptics Pt12X-Sdi-Xx-G2 Firmware, Ptzoptics Pt12X-Ndi-Xx Firmware, Ptzoptics Pt12X-Usb-Xx-G2 Firmware, Ptzoptics Pt20X-Sdi-Xx-G2 Firmware, Ptzoptics Pt20X-Ndi-Xx Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.

CVE-2025-35451 vulnerability details – vuln.today

Back

CVE-2025-35451

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

CVE-2025-35451

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code