
Xiongmai XM530 IP Camera CVE-2025-65857

HIGH
Exposure of Private Personal Information to an Unauthorized Actor (CWE-359)
2025-12-22 cve@mitre.org
7.5
CVSS 3.1 · NVD

Severity by source

NVD (primary): 7.5 HIGH
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

Analysis Generated: May 07, 2026 - 19:45 (vuln.today)
CVE Published: Dec 22, 2025 - 22:16 (nvd), rated HIGH 7.5

Description (CVE.org)

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.

Analysis (AI)

The ONVIF GetStreamUri endpoint in Xiongmai XM530 IP cameras returns RTSP stream URIs that carry hardcoded credentials, so a remote, unauthenticated attacker who can reach the camera can view live feeds. The affected firmware version is V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. Publicly available exploit code demonstrates extraction of the credentials and direct access to the stream. EPSS data is not available, but the network-reachable attack vector (AV:N), the absence of any authentication requirement (PR:N) and the public POC together create immediate risk for internet-facing cameras.

Technical Context (AI)

This vulnerability is classified as CWE-359 (Exposure of Private Personal Information to an Unauthorized Actor) and sits in the camera's ONVIF implementation. ONVIF (Open Network Video Interface Forum) is a standardized protocol for IP-based security cameras; its Media service defines GetStreamUri as the method a client calls to obtain the URI of a media stream. The Xiongmai implementation embeds static credentials directly in the returned RTSP (Real-Time Streaming Protocol) URI instead of requiring the client to authenticate to the stream itself, so whoever obtains the URI obtains the credentials with it. The CPE identifier names the XM530V200_X6-WEQ_8M hardware model running the vulnerable firmware build. RTSP typically listens on port 554 or 8554, and the hardcoded credentials grant immediate stream access that bypasses every authentication mechanism the camera offers.

Remediation (AI)

Vendor patch status is UNKNOWN: the Xiongmai service notice referenced for this CVE does not, based on the available data, name a confirmed fixed firmware version. Immediate compensating controls: (1) Isolate affected cameras on dedicated non-routable VLANs, with firewall rules that block internet access and permit only the authorized VMS/NVR to reach ports 554/8554 (trade-off: requires network infrastructure changes and may break remote-viewing requirements). (2) Disable the ONVIF service entirely where it is not needed for integration, which removes the GetStreamUri exposure (trade-off: loss of ONVIF-dependent features such as auto-discovery and third-party VMS compatibility). (3) Place all camera access behind network-level authentication, such as a reverse proxy or VPN gateway (trade-off: added complexity and potential performance overhead). (4) Deploy network intrusion detection that alerts on RTSP connections to the cameras from any source other than the authorized VMS/NVR. The exploit demonstration at https://luismirandaacebedo.github.io/CVE-2025-65857/ should be reviewed to understand the exact attack mechanics. The firmware upgrade path should be confirmed directly with Xiongmai technical support.
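As an added audit check for the exposure described in the Technical Context and Remediation sections above (this is example code, not code from vuln.today, the vendor or the referenced exploit page): it parses a GetStreamUri SOAP response, flags an RTSP URI that carries userinfo credentials, and returns a redacted URI that is safe to write to logs or tickets. The SOAP envelope, the host 192.0.2.10 and the EXAMPLE_USER/EXAMPLE_PASS placeholders are constructed for the example; the ONVIF namespace URIs are the standard ones.

```python
"""Audit an ONVIF GetStreamUri response for credentials embedded in the RTSP URI."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

# Constructed sample response. Host and credentials are placeholders, not values
# observed on the affected firmware.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
            xmlns:trt="http://www.onvif.org/ver10/media/wsdl"
            xmlns:tt="http://www.onvif.org/ver10/schema">
  <s:Body>
    <trt:GetStreamUriResponse>
      <tt:MediaUri>
        <tt:Uri>rtsp://EXAMPLE_USER:EXAMPLE_PASS@192.0.2.10:554/live/ch01</tt:Uri>
        <tt:InvalidAfterConnect>false</tt:InvalidAfterConnect>
        <tt:InvalidAfterReboot>false</tt:InvalidAfterReboot>
        <tt:Timeout>PT0S</tt:Timeout>
      </tt:MediaUri>
    </trt:GetStreamUriResponse>
  </s:Body>
</s:Envelope>"""

# Standard ONVIF schema namespace used for the MediaUri/Uri elements.
NS = {"tt": "http://www.onvif.org/ver10/schema"}


def extract_stream_uri(soap_xml: str) -> str:
    """Return the text of tt:MediaUri/tt:Uri from a GetStreamUriResponse, or '' if absent."""
    root = ET.fromstring(soap_xml)
    node = root.find(".//tt:MediaUri/tt:Uri", NS)
    return (node.text or "").strip() if node is not None else ""


def audit_stream_uri(uri: str) -> dict:
    """Flag userinfo credentials in a stream URI and build a redacted copy for logging."""
    parts = urlsplit(uri)
    has_creds = parts.username is not None or parts.password is not None
    hostport = parts.hostname or ""          # hostname drops the user:pass@ prefix
    if parts.port:
        hostport += f":{parts.port}"
    redacted = urlunsplit((parts.scheme, hostport, parts.path, parts.query, parts.fragment))
    finding = "RTSP URI carries embedded credentials (CWE-359 exposure)" if has_creds else "ok"
    return {"scheme": parts.scheme, "embedded_credentials": has_creds,
            "redacted_uri": redacted, "finding": finding}


def audit_response(soap_xml: str) -> dict:
    """Convenience wrapper: parse the SOAP response and audit the URI it returns."""
    return audit_stream_uri(extract_stream_uri(soap_xml))


if __name__ == "__main__":
    print(audit_response(SAMPLE_RESPONSE))   # credentials are never printed, only flagged
```

Run it against the real response captured from a camera under your control to confirm whether the URI it hands out embeds credentials; the redacted URI is what belongs in the ticket.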


CVE-2025-65857 vulnerability details – vuln.today
