CVE 9.3 CRITICAL

Industrial Video & Control Longwatch has a Code Injection vulnerability_CVE-2025-13658

December 2, 2025 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.

AI Analysis

Code Injection vulnerability allowing unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint

Basic Information

ID CVE-2025-13658

Source icscert

Published Dec 2, 2025 at 19:35

Modified Dec 2, 2025 at 21:41

Affected Product

Vendor Industrial Video & Control

Product Longwatch

Version 6.309

Affected Versions Industrial Video & Control Longwatch 6.309

CWE Classification

CWE-94

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Industrial Video & Control

Product Longwatch

Version 6.309

References

www.cisa.gov /news-events/ics-advisories/icsa-25-336-01

{
    "lastseen": "",
    "description": "A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.",
    "published": "2025-12-02T19:35:59.252Z",
    "modified": "2025-12-02T21:41:24.753Z",
    "type": "cve",
    "title": "Industrial Video & Control Longwatch has a Code Injection vulnerability",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-336-01",
    "id": "CVE-2025-13658",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "Industrial Video & Control Longwatch 6.309",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Longwatch",
    "version": "6.309",
    "vendor": "Industrial Video & Control",
    "ai_description": "Code Injection vulnerability allowing unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint",
    "ai_severity": "Critical",
    "ai_vendor": "Industrial Video & Control",
    "ai_product": "Longwatch",
    "ai_version": "6.309",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply