CVE-2025-35451

high-risk

Published 2025-09-05

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.

Do I need to act?

0.17% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Pt12X-Sdi-Xx-G2 Firmware

Pt12X-Ndi-Xx Firmware

Pt12X-Usb-Xx-G2 Firmware

Pt20X-Sdi-Xx-G2 Firmware

Pt20X-Ndi-Xx Firmware

Pt20X-Usb-Xx-G2 Firmware

Pt30X-Sdi-Xx-G2 Firmware

Pt30X-Ndi-Xx Firmware

Pt12X-Zcam Firmware

Pt20X-Zcam Firmware

Ptvl-Zcam Firmware

Pteptz-Zcam-G2 Firmware

Pteptz-Ndi-Zcam-G2 Firmware

Vl Fixed Camera Firmware

Ndi Fixed Camera Firmware

Mcamii Ptz Firmware

Ba30S Firmware

Ba20S Firmware

Bv20S Firmware

Bx30S Firmware

Affected Vendors

Ptzoptics Multicam-Systems Smtav Valuehd

References (5)

Third Party Advisory https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-16...

Third Party Advisory https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10

Third Party Advisory https://www.cve.org/CVERecord?id=CVE-2025-35451

Third Party Advisory https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerab...

Exploit https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 1/34 · Minimal

Exposure 26/34 · High