1. Home
  2. Vulnerabilities
  3. CVE-2025-35451
9.8
CRITICAL CVSS 3.1
CVE-2025-35451
Pan-Tilt-Zoom cameras hard-coded default passwords with SSH and telnet enabled
Description

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.

INFO

Published Date :

Sept. 5, 2025, 6:15 p.m.

Last Modified :

Jan. 14, 2026, 3:33 p.m.

Remotely Exploit :

Yes !

Source :

9119a7d8-5eab-497f-8521-727c672e3725
Affected Products

The following products are affected by CVE-2025-35451 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Ptzoptics pt12x-sdi-xx-g2_firmware
2 Ptzoptics pt12x-sdi-xx-g2
3 Ptzoptics pt12x-ndi-xx_firmware
4 Ptzoptics pt12x-ndi-xx
5 Ptzoptics pt12x-usb-xx-g2_firmware
6 Ptzoptics pt12x-usb-xx-g2
7 Ptzoptics pt20x-sdi-xx-g2_firmware
8 Ptzoptics pt20x-sdi-xx-g2
9 Ptzoptics pt20x-usb-xx-g2_firmware
10 Ptzoptics pt20x-usb-xx-g2
11 Ptzoptics pt30x-sdi-xx-g2_firmware
12 Ptzoptics pt30x-sdi-xx-g2
13 Ptzoptics pt30x-ndi-xx_firmware
14 Ptzoptics pt30x-ndi-xx
15 Ptzoptics pt12x-zcam_firmware
16 Ptzoptics pt12x-zcam
17 Ptzoptics pt20x-zcam_firmware
18 Ptzoptics pt20x-zcam
19 Ptzoptics ptvl-zcam_firmware
20 Ptzoptics ptvl-zcam
21 Ptzoptics pteptz-zcam-g2_firmware
22 Ptzoptics pteptz-zcam-g2
23 Ptzoptics pteptz-ndi-zcam-g2
24 Ptzoptics pt12x-4k-xx-g3_firmware
25 Ptzoptics pt20x-4k-xx-g3_firmware
26 Ptzoptics pt30x-4k-xx-g3_firmware
27 Ptzoptics pt12x-link-4k-xx_firmware
28 Ptzoptics pt20x-link-4k-xx_firmware
29 Ptzoptics pt30x-link-4k-xx_firmware
30 Ptzoptics pt12x-se-xx-g3_firmware
31 Ptzoptics pt20x-se-xx-g3_firmware
32 Ptzoptics pt30x-se-xx-g3_firmware
33 Ptzoptics pt-studiopro_firmware
34 Ptzoptics vl_fixed_camera_firmware
35 Ptzoptics vl_fixed_camera
36 Ptzoptics ndi_fixed_camera_firmware
37 Ptzoptics ndi_fixed_camera
38 Ptzoptics pt20x-ndi-xx_firmware
39 Ptzoptics pt20x-ndi-xx
40 Ptzoptics pteptz-ndi-zcam-g2_firmware
1 Valuehd vx90_firmware
2 Valuehd vx90
3 Valuehd vx720l_firmware
4 Valuehd vx720l
5 Valuehd vx752ag_firmware
6 Valuehd vx752ag
7 Valuehd vx752a_firmware
8 Valuehd vx752a
9 Valuehd vx751ba_firmware
10 Valuehd vx751ba
11 Valuehd vx630al_firmware
12 Valuehd vx630al
13 Valuehd vx61asl_firmware
14 Valuehd vx61asl
15 Valuehd vx61basl_firmware
16 Valuehd vx61basl
17 Valuehd vx60asl_firmware
18 Valuehd vx60asl
19 Valuehd vx61al_firmware
20 Valuehd vx61al
21 Valuehd vx60al_firmware
22 Valuehd vx60al
23 Valuehd vx701ra_firmware
24 Valuehd vx701ra
25 Valuehd vx701ta_firmware
26 Valuehd vx701ta
27 Valuehd vx800i2_firmware
28 Valuehd vx800i2
29 Valuehd v61w_firmware
30 Valuehd v61w
31 Valuehd v63xl_firmware
32 Valuehd v63xl
33 Valuehd v60xl_firmware
34 Valuehd v60xl
35 Valuehd vx70uvs_firmware
36 Valuehd vx70uvs
37 Valuehd vx71uvs_firmware
38 Valuehd vx71uvs
39 Valuehd v71uvs_firmware
40 Valuehd v71uvs
1 Smtav ba30s_firmware
2 Smtav ba30s
3 Smtav ba20s_firmware
4 Smtav ba20s
5 Smtav bv20s_firmware
6 Smtav bv20s
7 Smtav bx30s_firmware
8 Smtav bx30s
9 Smtav bx20n_firmware
10 Smtav bx20n
11 Smtav bx20uhd-n_firmware
12 Smtav bx20uhd-n
13 Smtav bx20uhd_firmware
14 Smtav bx20uhd
15 Smtav ba30-n_firmware
16 Smtav ba30-n
17 Smtav ba20-n_firmware
18 Smtav ba20-n
19 Smtav ba12-n_firmware
20 Smtav ba12-n
21 Smtav hd17h-n_firmware
22 Smtav hd17h-n
23 Smtav bx20s-sh_firmware
24 Smtav bx20s-sh
25 Smtav hd17h_firmware
26 Smtav hd17h
27 Smtav bv30s_firmware
28 Smtav bv30s
29 Smtav ba12s_firmware
30 Smtav ba12s
1 Multicam-systems mcamii_ptz_firmware
2 Multicam-systems mcamii_ptz
: Total Affected Vendor : 4 | Products : 112
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL 9119a7d8-5eab-497f-8521-727c672e3725
CVSS 4.0 CRITICAL 9119a7d8-5eab-497f-8521-727c672e3725
Solution
Address hard-coded credentials and disable insecure services on affected devices.
  • Change or disable default administrative credentials.
  • Disable SSH and Telnet services if not needed.
  • Isolate affected cameras from the network.
  • Apply vendor patches or updates if available.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-35451.

URL Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.json Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10 Third Party Advisory US Government Resource
https://www.cve.org/CVERecord?id=CVE-2025-35451 Third Party Advisory
https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai Third Party Advisory
https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/ Exploit Third Party Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-35451 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-35451 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-35451 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-35451 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Jan. 14, 2026

    Action Type Old Value New Value
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt12x-sdi-xx-g2_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.3.34 OR cpe:2.3:h:ptzoptics:pt12x-sdi-xx-g2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt12x-ndi-xx_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.3.34 OR cpe:2.3:h:ptzoptics:pt12x-ndi-xx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt12x-usb-xx-g2_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.2.81 OR cpe:2.3:h:ptzoptics:pt12x-usb-xx-g2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt20x-sdi-xx-g2_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.3.20 OR cpe:2.3:h:ptzoptics:pt20x-sdi-xx-g2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt20x-ndi-xx_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.3.20 OR cpe:2.3:h:ptzoptics:pt20x-ndi-xx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt20x-usb-xx-g2_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.2.73 OR cpe:2.3:h:ptzoptics:pt20x-usb-xx-g2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt30x-sdi-xx-g2_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.3.30 OR cpe:2.3:h:ptzoptics:pt30x-sdi-xx-g2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt30x-ndi-xx_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.3.30 OR cpe:2.3:h:ptzoptics:pt30x-ndi-xx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt12x-zcam_firmware:*:*:*:*:*:*:*:* versions up to (including) 7.2.76 OR cpe:2.3:h:ptzoptics:pt12x-zcam:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pt20x-zcam_firmware:*:*:*:*:*:*:*:* versions up to (including) 7.2.82 OR cpe:2.3:h:ptzoptics:pt20x-zcam:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:ptvl-zcam_firmware:*:*:*:*:*:*:*:* versions up to (including) 7.2.79 OR cpe:2.3:h:ptzoptics:ptvl-zcam:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pteptz-zcam-g2_firmware:*:*:*:*:*:*:*:* versions up to (including) 8.1.81 OR cpe:2.3:h:ptzoptics:pteptz-zcam-g2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:pteptz-ndi-zcam-g2_firmware:*:*:*:*:*:*:*:* versions up to (including) 8.1.81 OR cpe:2.3:h:ptzoptics:pteptz-ndi-zcam-g2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:vl_fixed_camera_firmware:*:*:*:*:*:*:*:* versions up to (including) 7.2.94 OR cpe:2.3:h:ptzoptics:vl_fixed_camera:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:ptzoptics:ndi_fixed_camera_firmware:*:*:*:*:*:*:*:* versions up to (including) 7.2.94 OR cpe:2.3:h:ptzoptics:ndi_fixed_camera:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:multicam-systems:mcamii_ptz_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:multicam-systems:mcamii_ptz:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:ba30s_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:ba30s:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:ba20s_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:ba20s:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:bv20s_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:bv20s:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:bx30s_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:bx30s:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:bx20n_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:bx20n:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:bx20uhd-n_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:bx20uhd-n:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:bx20uhd_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:bx20uhd:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:ba30-n_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:ba30-n:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:ba20-n_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:ba20-n:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:ba12-n_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:ba12-n:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:hd17h-n_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:hd17h-n:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:bx20s-sh_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:bx20s-sh:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:hd17h_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:hd17h:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:bv30s_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:bv30s:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:smtav:ba12s_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:smtav:ba12s:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx90_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx90:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx720l_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx720l:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx752ag_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx752ag:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx752a_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx752a:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx751ba_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx751ba:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx630al_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx630al:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx61asl_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx61asl:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx61basl_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx61basl:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx60asl_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx60asl:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx61al_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx61al:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx60al_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx60al:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx701ra_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx701ra:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx701ta_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx701ta:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx800i2_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx800i2:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:v61w_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:v61w:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:v63xl_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:v63xl:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:v60xl_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:v60xl:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx70uvs_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx70uvs:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:vx71uvs_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:vx71uvs:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:valuehd:v71uvs_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:valuehd:v71uvs:*:*:*:*:*:*:*:*
    Added Reference Type Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.json Types: Third Party Advisory
    Added Reference Type Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government: https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10 Types: Third Party Advisory, US Government Resource
    Added Reference Type Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government: https://www.cve.org/CVERecord?id=CVE-2025-35451 Types: Third Party Advisory
    Added Reference Type Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government: https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai Types: Third Party Advisory
    Added Reference Type Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government: https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/ Types: Exploit, Third Party Advisory
  • CVE Modified by 9119a7d8-5eab-497f-8521-727c672e3725

    Sep. 05, 2025

    Action Type Old Value New Value
    Added Reference https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai
    Added Reference https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/
  • New CVE Received by 9119a7d8-5eab-497f-8521-727c672e3725

    Sep. 05, 2025

    Action Type Old Value New Value
    Added Description PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-798
    Added Reference https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.json
    Added Reference https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10
    Added Reference https://www.cve.org/CVERecord?id=CVE-2025-35451
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 9.3
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Base CVSS Score: 9.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact