CVE-2025-12351
6.8
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of this product, service or offering (S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye & Dual Sensor/Micro Dome/Full Color Eyeball & Bullet Camera to version 2025.08.22, S35 Thermal Camera to version 2025.08.26).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Honeywell | S35 3M/5M/8M/Pinhole/Kit Camera | 2022.02.28 < 2025.08.28 | affected |
| Honeywell | S35 AI Fisheye&Dual Sensor/Micro Dome/Full Color Eyeball&Bullet Camera | 2024.08.10 < 2025.08.22 | affected |
| Honeywell | S35 Thermal Camera | 2024.10.21 < 2025.08.26 | affected |
Weaknesses
- CWE-639: CWE-639 Authorization Bypass Through User-Controlled Key
- CWE-668: CWE-668 Exposure of Resource to Wrong Sphere
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.