CVE-2025-12351

Summary

Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of this product, service or offering (S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye & Dual Sensor/Micro Dome/Full Color Eyeball & Bullet Camera to version 2025.08.22, S35 Thermal Camera to version 2025.08.26).

Affected Software

VendorProductVersion RangeStatus
HoneywellS35 3M/5M/8M/Pinhole/Kit Camera2022.02.28 < 2025.08.28affected
HoneywellS35 AI Fisheye&Dual Sensor/Micro Dome/Full Color Eyeball&Bullet Camera2024.08.10 < 2025.08.22affected
HoneywellS35 Thermal Camera2024.10.21 < 2025.08.26affected

Weaknesses

  • CWE-639: CWE-639 Authorization Bypass Through User-Controlled Key
  • CWE-668: CWE-668 Exposure of Resource to Wrong Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References