CVE-2025-67160

HIGH

Vatilon PA4 Firmware 1.12.37-20240124 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-67160. PoCs published by Remenis.

AI-analyzed exploit summary: CVE-2025-67160 describes an incorrect access control vulnerability in Vatilon-based IP cameras, allowing unauthenticated directory listing and exposure of internal web resources. The writeup details affected devices, impact, and mitigation steps but withholds PoC details to prevent abuse.

Description

An issue in Vatilon v1.12.37-20240124 allows attackers to access sensitive directories and files via a directory traversal.

Exploits (1)

nomisec WRITEUP
by Remenis · poc
https://github.com/Remenis/CVE-2025-67160

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Vatilon-based IP cameras (e.g., JIENUO brand, firmware V1.12.37-20240124)
No auth needed
Prerequisites: Network access to the vulnerable IP camera · Directory indexing enabled on the embedded web server
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory, Exploit
https://github.com/Remenis/CVE-2025-67160

Scores

CVSS v3 7.5
EPSS 0.0085
EPSS Percentile 53.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE CWE-22
Status published
Products (1)
vatilon/pa4_firmware 1.12.37-20240124
Published Jan 02, 2026
Tracked Since Feb 18, 2026