CVE-2025-25984

6.8 MEDIUM

📋 TL;DR

This vulnerability in Macro-video Technologies V380E6_C1 IP cameras allows a physically proximate attacker to execute arbitrary code via the UART interface. Attackers with physical access to the device can gain full control, potentially compromising the camera's functionality and network access. Organizations using these specific IP camera models are affected.

💻 Affected Systems

Products:
  • Macro-video Technologies V380E6_C1 IP camera
Versions: 1020302
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires physical access to the UART pins on the device board. The vulnerability is in the hardware interface and is not network-accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains full root access to the camera, installs persistent malware, pivots to internal networks, and uses the camera as a surveillance device or attack platform.

🟠 Likely Case

Attacker modifies camera firmware to disable security features, intercepts video feeds, or uses the camera as a foothold into the network.

🟢 If Mitigated

With physical security controls preventing unauthorized access, the vulnerability remains dormant with minimal impact.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires physical access and basic hardware skills (connecting to UART pins). The GitHub repository contains detailed research and likely exploit code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Contact Macro-video Technologies for firmware updates or replacement options.

🔧 Temporary Workarounds

Physical Security Hardening (all)

Secure physical access to cameras using tamper-resistant enclosures, secure mounting, and access controls.

Network Segmentation (all)

Isolate cameras on separate VLANs with strict firewall rules to limit lateral movement if compromised.

🧯 If You Can't Patch

  • Deploy cameras in physically secure locations with restricted access and surveillance.
  • Consider replacing vulnerable cameras with models from vendors providing security updates.

🔍 How to Verify

Check if Vulnerable:

Check device model (V380E6_C1) and firmware version (1020302) via web interface or serial console.

Check Version:

Check via camera web interface at Settings > System > Version or via serial console connection.

Verify Fix Applied:

No fix available to verify. Monitor vendor announcements for firmware updates.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected firmware changes
  • Unauthorized configuration modifications
  • Serial console access logs if available

Network Indicators:

  • Unusual outbound connections from camera
  • Anomalous traffic patterns

SIEM Query:

source="camera_logs" AND (event="firmware_update" OR event="config_change")
