CVE 8.7 HIGH

Multiple vulnerabilities in DFUSION by Davantis_CVE-2025-41016

November 24, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to "/alarms/\u003cALARM_ID\u003e/\u003cMEDIA\u003e", where the "MEDIA" parameter can take the value of "snapshot" or "video.mp4$. These media files contain images recorded by security cameras in response to triggered alerts.

AI Analysis

Inadequate access control vulnerability allowing unauthorized access to alarm event media files

Basic Information

ID CVE-2025-41016

Source INCIBE

Published Nov 24, 2025 at 12:18

Modified Nov 24, 2025 at 13:11

Affected Product

Vendor Davantis

Product DFUSION

Version prior to 6.186.1

Affected Versions Davantis DFUSION prior to 6.186.1

CWE Classification

CWE-862

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Davantis

Product DFUSION

Version prior to 6.186.1

References

www.incibe.es /en/incibe-cert/notices/aviso/multiple-vulnerabilities-dfusion-davantis

{
    "lastseen": "",
    "description": "Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to \"/alarms/\\u003cALARM_ID\\u003e/\\u003cMEDIA\\u003e\", where the \"MEDIA\" parameter can take the value of \"snapshot\" or \"video.mp4$. These media files contain images recorded by security cameras in response to triggered alerts.",
    "published": "2025-11-24T12:18:45.678Z",
    "modified": "2025-11-24T13:11:29.745Z",
    "type": "cve",
    "title": "Multiple vulnerabilities in DFUSION by Davantis",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dfusion-davantis",
    "id": "CVE-2025-41016",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "Davantis DFUSION prior to 6.186.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DFUSION",
    "version": "prior to 6.186.1",
    "vendor": "Davantis",
    "ai_description": "Inadequate access control vulnerability allowing unauthorized access to alarm event media files",
    "ai_severity": "High",
    "ai_vendor": "Davantis",
    "ai_product": "DFUSION",
    "ai_version": "prior to 6.186.1",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply