CVE-2025-35452

high-risk
Published 2025-09-05

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.

Do I need to act?

-
0.15% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (20)

Pt12X-Sdi-Xx-G2 Firmware
Pt12X-Ndi-Xx Firmware
Pt12X-Usb-Xx-G2 Firmware
Pt20X-Sdi-Xx-G2 Firmware
T20X-Ndi-Xx Firmware
Pt20X-Usb-Xx-G2 Firmware
Pt30X-Sdi-Xx-G2 Firmware
Pt30X-Ndi-Xx Firmware
Pt12X-Zcam Firmware
Pt20X-Zcam Firmware
Ptvl-Zcam Firmware
Pteptz-Zcam-G2 Firmware
Pteptz-Ndi-Zcam-G2
Pt12X-4K-Xx-G3 Firmware
Pt20X-4K-Xx-G3 Firmware
Pt30X-4K-Xx-G3 Firmware
Pt12X-Link-4K-Xx Firmware
Pt20X-Link-4K-Xx Firmware
Pt30X-Link-4K-Xx Firmware
Pt12X-Se-Xx-G3 Firmware

Affected Vendors

Ptzoptics Multicam-Systems Smtav Valuehd

References (5)

Patch https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-16...
Third Party Advisory https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10
Third Party Advisory https://www.cve.org/CVERecord?id=CVE-2025-35452
Third Party Advisory https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerab...
Exploit https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/
60
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 1/34 · Minimal
Exposure 27/34 · High