Which versions of NOYAFA are affected by EUVD-2025-18962?

Organizations using NOYAFA/Xiami LF9 Pro should be aware of moderate risk from CVE-2025-6532 rated CVSS 4.3. Exploitation could compromise the security of affected deployments.

Is there a public PoC exploit available for EUVD-2025-18962?

Yes, a public proof-of-concept exploit is available for EUVD-2025-18962. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate EUVD-2025-18962?

Within 30 days: Identify affected systems running NOYAFA/Xiami LF9 Pro and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

NOYAFA EUVD-2025-18962

Q: What is the CVSS score of EUVD-2025-18962?

EUVD-2025-18962 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

| CVE-2025-6532 LOW

Incorrect Privilege Assignment (CWE-266)

2025-06-24 cna@vuldb.com

Information Disclosure

2.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

2.1 LOW

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:11 NVD

4.3 (MEDIUM) 2.1 (LOW)

EUVD ID Assigned

Mar 15, 2026 - 22:36 euvd

EUVD-2025-18962

Analysis Generated

Mar 15, 2026 - 22:36 vuln.today

PoC Detected

Oct 01, 2025 - 19:49 vuln.today

Public exploit code

CVE Published

Jun 24, 2025 - 00:15 nvd

MEDIUM 4.3

DescriptionCVE.org

A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. This dashcam is distributed by multiple resellers and different names.

AnalysisAI

A security vulnerability in NOYAFA/Xiami LF9 Pro (CVSS 4.3). Risk factors: public PoC available.

Technical ContextAI

Vulnerability type not specified by vendor. Affects NOYAFA/Xiami LF9 Pro.

RemediationAI

Monitor vendor channels for patch availability.

EUVD-2025-18962 vulnerability details – vuln.today

Back