← Back
2025-12-26 4:7CVE-2025-52598Hanwha_Vision
PUBLISHED5.2CWE-295

Insufficient certificate validation

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera's client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

Problem type

Affected products

Hanwha Vision Co., Ltd.

QNV-C8012

Prior to version 2.22.05 - AFFECTED

References

hanwhavision.com

https://www.hanwhavision.com/wp-content/uploads/2025/12/Camera-Vulnerability-ReportCVE-2025-5259852601-8075.pdf

JSON source

https://cveawg.mitre.org/api/cve/CVE-2025-52598
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-52598",
    "assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
    "assignerShortName": "Hanwha_Vision",
    "dateUpdated": "2025-12-26T15:15:22.694Z",
    "dateReserved": "2025-06-18T07:10:49.610Z",
    "datePublished": "2025-12-26T04:07:19.958Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
        "shortName": "Hanwha_Vision",
        "dateUpdated": "2025-12-26T04:07:19.958Z"
      },
      "title": "Insufficient certificate validation",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera's client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "<div><div>Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera's client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.</div></div>\n\n<br>"
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "Hanwha Vision Co., Ltd.",
          "product": "QNV-C8012",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "Prior to version 2.22.05",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-295 Improper Certificate Validation",
              "cweId": "CWE-295",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.hanwhavision.com/wp-content/uploads/2025/12/Camera-Vulnerability-ReportCVE-2025-5259852601-8075.pdf"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-22",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-22 Exploiting Trust in Client"
            }
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2025-12-26T15:15:22.694Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}