CVE-2025-12351

MEDIUM

Honeywell S35 Series Cameras - Privilege Escalation

Title source: llm

Description

Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of this product, service or offering (S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye & Dual Sensor/Micro Dome/Full Color Eyeball & Bullet Camera to version 2025.08.22, S35 Thermal Camera to version 2025.08.26).

References (1)

[Various Sources] https://www.honeywell.com/us/en/product-security

Scores

CVSS v3 6.8

EPSS 0.0003

EPSS Percentile 8.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-639 CWE-668

Status published

Products (3)

Honeywell/S35 3M/5M/8M/Pinhole/Kit Camera 2022.02.28 - 2025.08.28

Honeywell/S35 AI Fisheye&Dual Sensor/Micro Dome/Full Color Eyeball&Bullet Camera 2024.08.10 - 2025.08.22

Honeywell/S35 Thermal Camera 2024.10.21 - 2025.08.26

Published Oct 27, 2025

Tracked Since Feb 18, 2026