Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
PUBLISHED5.2CWE-321
Hardcoding sensitive information
Problem type
Affected products
Hanwha Vision Co., Ltd.
Device Manager
prior to version 2.9.3.1 - AFFECTED
References
JSON source
https://cveawg.mitre.org/api/cve/CVE-2025-52601Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-52601",
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"dateUpdated": "2025-12-26T19:27:44.838Z",
"dateReserved": "2025-06-18T07:10:49.611Z",
"datePublished": "2025-12-26T04:29:25.830Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision",
"dateUpdated": "2025-12-26T04:29:25.830Z"
},
"title": "Hardcoding sensitive information",
"descriptions": [
{
"lang": "en",
"value": "Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<div><div>Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.</div></div>"
}
]
}
],
"affected": [
{
"vendor": "Hanwha Vision Co., Ltd.",
"product": "Device Manager",
"defaultStatus": "unaffected",
"versions": [
{
"version": "prior to version 2.9.3.1",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"cweId": "CWE-321",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2025/12/Camera-Vulnerability-ReportCVE-2025-5259852601-8075.pdf"
}
],
"impacts": [
{
"capecId": "CAPEC-116",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-116 Excavation"
}
]
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-12-26T19:27:44.838Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}