A newly identified vulnerability in Hangzhou Xiongmai Technology’s XM530 IP cameras is posing significant security risks to commercial networks. The flaw, which has been assigned the identifier CVE-2025-65856, enables attackers to bypass authentication protocols entirely, potentially compromising sensitive data.
Critical Security Flaw Discovered
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) highlighted this severe issue with an alert dated April 23, 2026. The core vulnerability arises from a missing authentication check within the camera’s firmware, specifically affecting version V5.00.R02.000807D8.10010.346624.S.ONVIF_21.06. This oversight allows unauthorized users to gain administrative access without providing valid credentials, earning the flaw a critical CVSS v3 score of 9.8.
By exploiting this vulnerability, attackers can bypass login mechanisms, manipulate camera settings, and extract sensitive information, posing a significant threat to organizations utilizing these devices.
Public Exploit Code Increases Threat Level
Security researcher Luis Miranda Acebedo has developed a Proof of Concept (PoC) exploit for this vulnerability, which has been publicly released. Although there are no current reports of active exploitation, the availability of the PoC significantly raises the potential risk, providing cybercriminals with the tools needed to execute automated attacks.
This situation is particularly concerning due to the widespread deployment of Xiongmai IP cameras in commercial settings worldwide. Many businesses may unknowingly be at risk of unauthorized access and surveillance.
Recommended Security Measures
In response to this threat, CISA recommends urgent defensive measures. Organizations should disconnect control devices from public internet access and ensure camera networks are shielded by robust firewalls. Implementing secure Virtual Private Networks (VPNs) for remote access is crucial, and all VPN software should be kept up to date to thwart secondary attacks.
Conducting thorough risk assessments and impact analyses before adopting new security measures is advised. Additionally, educating employees about the dangers of phishing and other social engineering tactics can help prevent related security breaches.
