← Back
2025-12-26 4:12CVE-2025-52599Hanwha_Vision
PUBLISHED5.2CWE-269

Inadequate account permissions management

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered Inadequate of permission management for camera guest account. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

Problem type

Affected products

Hanwha Vision Co., Ltd.

QNV-C8012

Prior to version 2.22.05 - AFFECTED

References

hanwhavision.com

https://www.hanwhavision.com/wp-content/uploads/2025/12/Camera-Vulnerability-ReportCVE-2025-5259852601-8075.pdf

JSON source

https://cveawg.mitre.org/api/cve/CVE-2025-52599
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-52599",
    "assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
    "assignerShortName": "Hanwha_Vision",
    "dateUpdated": "2025-12-26T15:15:17.385Z",
    "dateReserved": "2025-06-18T07:10:49.610Z",
    "datePublished": "2025-12-26T04:12:37.550Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
        "shortName": "Hanwha_Vision",
        "dateUpdated": "2025-12-26T04:12:37.550Z"
      },
      "title": "Inadequate account permissions management",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered Inadequate of permission management for camera guest account. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "<div><div>Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered Inadequate of permission management for camera guest account. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.</div></div>\n\n<br>"
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "Hanwha Vision Co., Ltd.",
          "product": "QNV-C8012",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "Prior to version 2.22.05",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-269 Improper Privilege Management",
              "cweId": "CWE-269",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.hanwhavision.com/wp-content/uploads/2025/12/Camera-Vulnerability-ReportCVE-2025-5259852601-8075.pdf"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-122",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-122 Privilege Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2025-12-26T15:15:17.385Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}