CVE-2025-12636

MEDIUM

Ubia Camera Ecosystem - Info Disclosure

Title source: llm

Description

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings.

References (2)

[Various Sources] https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-02.json

View Writeup ZIP pw:eip

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-02

Scores

CVSS v3 6.5

EPSS 0.0004

EPSS Percentile 13.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-522

Status published

Products (2)

Ubia/Ubox Android < January 15, 2026

Ubia/Ubox IOS < January 15, 2026

Published Nov 06, 2025

Tracked Since Feb 18, 2026