CVE 8.7 HIGH

Improper Neutralization of Wildcards or Matching Symbols in CloudEdge Online Cameras and App_CVE-2025-11757

October 21, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to leverage the MQTT wildcard to receive all the messages that should be delivered to other users by subscribing to the a MQTT topic. In these messages, the attacker can obtain the credentials and key information to connect to the cameras from peer to peer.

AI Analysis

Improper neutralization of wildcards in CloudEdge App allows attackers to obtain credentials and key information.

Basic Information

ID CVE-2025-11757

Source icscert

Published Oct 21, 2025 at 17:24

Modified Oct 21, 2025 at 18:29

Affected Product

Vendor CloudEdge

Product CloudEdge App

Version 4.4.2

Affected Versions CloudEdge CloudEdge App 4.4.2

CWE Classification

CWE-155

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor CloudEdge

Product CloudEdge App

Version 4.4.2

References

www.cisa.gov /news-events/ics-advisories/icsa-25-294-05

{
    "lastseen": "",
    "description": "The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to leverage the MQTT wildcard to receive all the messages that should be delivered to other users by subscribing to the a MQTT topic. In these messages, the attacker can obtain the credentials and key information to connect to the cameras from peer to peer.",
    "published": "2025-10-21T17:24:54.398Z",
    "modified": "2025-10-21T18:29:00.590Z",
    "type": "cve",
    "title": "Improper Neutralization of Wildcards or Matching Symbols in CloudEdge Online Cameras and App",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-294-05",
    "id": "CVE-2025-11757",
    "bulletinFamily": "",
    "cwe": [
        "CWE-155"
    ],
    "cvelist": null,
    "sourceData": "CloudEdge CloudEdge App 4.4.2",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CloudEdge App",
    "version": "4.4.2",
    "vendor": "CloudEdge",
    "ai_description": "Improper neutralization of wildcards in CloudEdge App allows attackers to obtain credentials and key information.",
    "ai_severity": "High",
    "ai_vendor": "CloudEdge",
    "ai_product": "CloudEdge App",
    "ai_version": "4.4.2",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply