CVE-2025-25985

low-risk

Published 2025-04-18

An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/user_info.ini components.

Do I need to act?

0.14% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 2.6/10 Low

PHYSICAL / LOW complexity

Affected Products (1)

V380E6 C1 Firmware

Affected Vendors

Macro-Video

References (2)

Exploit https://github.com/vladko312/Research_v380_IP_camera

Exploit https://github.com/vladko312/Research_v380_IP_camera/blob/main/CVE-2025-25985.md

/ 100

low-risk

Severity 11/34 · Low

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal