CVE-2018-25140

HIGH

FLIR thermal traffic cameras - SSRF

Title source: llm

Description

FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially initiate denial of service by sending crafted WebSocket messages without authentication.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · python · webapps · hardware
https://www.exploit-db.com/exploits/45539

Scores

CVSS v3 7.5
EPSS 0.0020
EPSS Percentile 41.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-306
Status published
Products (10)
FLIR Systems, Inc./Thermal Traffic Cameras E1.00.09
FLIR Systems, Inc./Thermal Traffic Cameras V1.01-0bb5b27
FLIR Systems, Inc./Thermal Traffic Cameras V1.01.P02
FLIR Systems, Inc./Thermal Traffic Cameras V1.02.P01
FLIR Systems, Inc./Thermal Traffic Cameras V1.02.P02
FLIR Systems, Inc./Thermal Traffic Cameras V1.04
FLIR Systems, Inc./Thermal Traffic Cameras V1.04.P02
FLIR Systems, Inc./Thermal Traffic Cameras V1.05.P01
FLIR Systems, Inc./Thermal Traffic Cameras V1.05.P03
FLIR Systems, Inc./Thermal Traffic Cameras V1.06
Published Dec 24, 2025
Tracked Since Feb 18, 2026