Ubia Ubox_CVE-2025-12636

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

The Ubia camera ecosystem fails to adequately secure API credentials,
potentially enabling an attacker to connect to backend services. The
attacker would then be able to gain unauthorized access to available
cameras, enabling the viewing of live feeds or modification of settings.

Basic Information

ID CVE-2025-12636

Source icscert

Published Nov 6, 2025 at 22:15

Modified Nov 6, 2025 at 22:53

Affected Product

Vendor Ubia

Product Ubox

Version v1.1.124

Affected Versions Ubia Ubox v1.1.124

CWE Classification

CWE-522

References

{
    "lastseen": "",
    "description": "The Ubia camera ecosystem fails to adequately secure API credentials, \npotentially enabling an attacker to connect to backend services. The \nattacker would then be able to gain unauthorized access to available \ncameras, enabling the viewing of live feeds or modification of settings.",
    "published": "2025-11-06T22:15:01.130Z",
    "modified": "2025-11-06T22:53:41.808Z",
    "type": "cve",
    "title": "Ubia Ubox",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-02\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-02.json",
    "id": "CVE-2025-12636",
    "bulletinFamily": "",
    "cwe": [
        "CWE-522"
    ],
    "cvelist": null,
    "sourceData": "Ubia Ubox v1.1.124",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Ubox",
    "version": "v1.1.124",
    "vendor": "Ubia",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}