Critical Xiongmai IP Camera Flaw Lets Attackers Bypass Authentication

Emy Elsamnoudy
April 24, 2026

Key Takeaways

  • A critical authentication bypass flaw has been discovered in specific Xiongmai IP camera firmware.
  • The vulnerability, CVE-2025-65856, allows unauthenticated attackers to gain full control over affected XM530 IP cameras.
  • With a CVSS v3 score of 9.8, the flaw poses a severe risk of unauthorized surveillance and data exfiltration.
  • No patch is currently available from the vendor, but CISA has issued mitigation recommendations.

Hangzhou Xiongmai Technology’s XM530 IP Cameras, widely deployed for commercial surveillance, are vulnerable to a critical authentication bypass flaw that could allow unauthorized access to live feeds and device controls. This severe vulnerability undermines the intended security function of these devices, potentially exposing sensitive commercial facilities to significant risk.

Designated as CVE-2025-65856 and tracked under CISA advisory ICSA-26-113-05, the flaw enables attackers to circumvent authentication mechanisms entirely. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on April 23, 2026, highlighting the urgent need for organizations globally to address the potential for unauthorized remote access.

Technical Details and Impact

The root cause of CVE-2025-65856 lies in a missing authentication check for a critical function within the camera’s firmware. This oversight means the device’s software fails to properly verify user credentials before granting administrative privileges, effectively creating a backdoor for attackers.

The vulnerability has been assigned a CVSS v3 score of 9.8 out of 10, underscoring its severity. The flaw specifically impacts firmware version XM530V200_X6-WEQ_8M V5.00.R02.000807D8.10010. 346624.S. ONVIF_21.06.

Successful exploitation by an unauthenticated attacker on the network could lead to comprehensive control over the affected camera. This includes the ability to view live video feeds, alter camera settings, and extract sensitive data directly from the device, bypassing all login screens.

Public Exploit Code Raises Threat Level

Security researcher Luis Miranda Acebedo developed and publicly released a working Proof of Concept (PoC) exploit for this vulnerability. CISA identified this public code and promptly reported it for official tracking by MITRE.

While CISA has not yet reported any active cyberattacks targeting this specific flaw in the wild, the public availability of a PoC significantly escalates the threat. Such code provides a readily available blueprint, simplifying the process for malicious actors to launch automated attacks against vulnerable devices.

Given the widespread deployment of Xiongmai IP cameras in commercial facilities globally, thousands of businesses could be unknowingly exposed to unauthorized surveillance. As these Internet of Things (IoT) devices are frequently positioned in sensitive areas, organizations must take immediate proactive measures to prevent potential security breaches.

What You Should Do

  • Immediately disconnect control system devices, including IP cameras, from the public internet to minimize exposure.
  • Implement strict firewall rules to isolate camera networks and other remote devices from internal business networks.
  • Utilize secure Virtual Private Networks (VPNs) for any necessary remote access to cameras, ensuring all VPN software is updated to the latest versions.
  • Conduct a thorough impact analysis and risk assessment before deploying new defensive network measures.
  • Educate staff on cybersecurity best practices, particularly regarding suspicious web links and email attachments, to prevent related social engineering attacks.
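
One way to check an asset inventory against the first two recommendations is sketched below. This is an added example, not code from CISA, the vendor, or the article's author. The CSV columns, the host names, and the 10.50.0.0/24 camera segment are assumptions constructed for illustration; the firmware string is the one quoted in the article, compared with whitespace ignored so that spacing differences in an export do not hide a match.

```python
import csv
import io
import ipaddress

# Affected build as printed in the article.
AFFECTED = "XM530V200_X6-WEQ_8M V5.00.R02.000807D8.10010. 346624.S. ONVIF_21.06"

# Assumption: cameras are supposed to live only in this isolated segment.
CAMERA_NET = ipaddress.ip_network("10.50.0.0/24")

# Constructed sample inventory (hypothetical hosts, private addresses).
SAMPLE = """host,ip,firmware,internet_forwarded
lobby-cam,10.50.0.11,XM530V200_X6-WEQ_8M V5.00.R02.000807D8.10010.346624.S.ONVIF_21.06,no
dock-cam,192.168.1.40,XM530V200_X6-WEQ_8M V5.00.R02.000807D8.10010. 346624.S. ONVIF_21.06,yes
gate-cam,10.50.0.12,OTHER_MODEL V1.00,no
"""


def norm(version):
    """Drop all whitespace and case so formatting differences do not matter."""
    return "".join(version.split()).upper()


def audit(inventory_csv):
    """Return (host, issues) for every device running the affected firmware.

    An empty issues list means the device is affected but already sits
    inside the camera segment with no internet forwarding.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if norm(row["firmware"]) != norm(AFFECTED):
            continue
        issues = []
        if row["internet_forwarded"].strip().lower() == "yes":
            issues.append("reachable from the internet")
        if ipaddress.ip_address(row["ip"].strip()) not in CAMERA_NET:
            issues.append("outside isolated camera segment")
        findings.append((row["host"], issues))
    return findings


if __name__ == "__main__":
    for host, issues in audit(SAMPLE):
        print(host, "->", "; ".join(issues) or "affected, exposure limited")
```

Because no vendor patch is available, every host the audit returns stays on the watch list even when its issues list is empty.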

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
