CVE-2025-12636

The Ubia camera ecosystem fails to adequately secure API credentials, 
potentially enabling an attacker to connect to backend services. The 
attacker would then be able to gain unauthorized access to available 
cameras, enabling the viewing of live feeds or modification of settings.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
icscertCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-02.json
https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-02