CVE-2025-63667

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-63667
Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92-20241120, ASECAM v1.14.10-20240725 allows attackers to access sensitive API endpoints without authentication.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/Remenis/CVE-2025-63667 Mitigation Third Party Advisory
https://github.com/Remenis/Vatilon_evidence/releases/download/Evidence/Vatilon_vulnerability_evidence_2025.zip Broken Link
https://vatilon.com/
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:simicam:ip_camera_firmware:1.16.41:*:*:*:*:*:*:*
cpe:2.3:h:simicam:ip_camera:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:keview:ip_camera_firmware:1.14.92:*:*:*:*:*:*:*
cpe:2.3:h:keview:ip_camera:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:asecam:ip_camera_firmware:1.14.10:*:*:*:*:*:*:*
cpe:2.3:h:asecam:ip_camera:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-11-12 15:15

Updated : 2026-01-05 18:15

NVD link : CVE-2025-63667

Mitre link : CVE-2025-63667

CVE.ORG link : CVE-2025-63667

JSON object : View

Products Affected

simicam

  • ip_camera
  • ip_camera_firmware

asecam

  • ip_camera_firmware
  • ip_camera

keview

  • ip_camera_firmware
  • ip_camera
CWE
CWE-284

Improper Access Control