CVE-2025-12636

Summary

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings.

Affected Software

VendorProductVersion RangeStatus
UbiaUbox Android0 < January 15, 2026affected
UbiaUbox IOS0 < January 15, 2026affected

Weaknesses

  • CWE-522: CWE-522

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References