CVE-2025-63667

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to bypass authentication and access sensitive API endpoints in SIMICAM, KEVIEW, and ASECAM software. Any organization using these products with vulnerable versions is affected, potentially exposing sensitive data and system controls.

💻 Affected Systems

Products:
  • SIMICAM
  • KEVIEW
  • ASECAM
Versions: SIMICAM v1.16.41-20250725, KEVIEW v1.14.92-20241120, ASECAM v1.14.10-20240725
Operating Systems: Unknown - Likely multiple platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with these specific versions are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise allowing data theft, configuration changes, and potential lateral movement within the network.

🟠 Likely Case: Unauthorized access to sensitive data, surveillance footage, and system configuration information.

🟢 If Mitigated: Limited impact if network segmentation and strict access controls prevent external access to vulnerable endpoints.

🌐 Internet-Facing: HIGH - Directly accessible API endpoints without authentication can be exploited remotely.
🏢 Internal Only: MEDIUM - Internal attackers or compromised devices could exploit the vulnerability within the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A GitHub repository contains evidence and likely exploit code. Exploitation amounts to simple HTTP requests to unprotected endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://vatilon.com/

Restart Required: No

Instructions:

1. Check the vendor website for security updates.
2. If a patch is available, download and apply it following the vendor's instructions.
3. Verify that authentication is required for all API endpoints.

🔧 Temporary Workarounds

Network Access Control (applies to: all)

Restrict network access to vulnerable systems using firewalls or network segmentation.

Web Application Firewall (applies to: all)

Implement WAF rules to block unauthorized API endpoint access.

🧯 If You Can't Patch

  • Isolate vulnerable systems in separate network segments with strict access controls.
  • Implement API gateway with authentication proxy in front of vulnerable endpoints.

🔍 How to Verify

Check if Vulnerable:

Attempt to access API endpoints without authentication. Check if endpoints like /api/* return data without credentials.

Check Version:

Check software version in web interface or configuration files.

Verify Fix Applied:

Verify that all API endpoints require proper authentication and return 401/403 for unauthenticated requests.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated API access attempts
  • Access to sensitive endpoints without user credentials
  • Unusual API request patterns

Network Indicators:

  • HTTP requests to API endpoints without authentication headers
  • Unusual traffic to camera/management systems

SIEM Query:

source="web_logs" AND (uri="/api/*" OR uri="/endpoint/*") AND (status="200" OR status="201") AND user="-" AND auth="-"
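The same detection logic as a stand-alone script, added here as an example and not part of the original advisory: it reads JSON-per-line web logs whose field names follow the SIEM query above (uri, status, user, auth), flags successful requests to the sensitive paths that carry no user or auth value, and counts hits per source address. The sample log lines and the src/ts fields are constructed assumptions.

```python
import json
import re
from collections import Counter

# Constructed sample log lines (JSON per line); not real traffic.
SAMPLE_LOGS = """\
{"ts":"2025-11-01T10:00:01Z","src":"10.0.0.5","uri":"/api/users","status":"200","user":"-","auth":"-"}
{"ts":"2025-11-01T10:00:02Z","src":"10.0.0.5","uri":"/api/config","status":"200","user":"-","auth":"-"}
{"ts":"2025-11-01T10:00:03Z","src":"10.0.0.9","uri":"/api/users","status":"200","user":"admin","auth":"Basic"}
{"ts":"2025-11-01T10:00:04Z","src":"10.0.0.7","uri":"/api/login","status":"401","user":"-","auth":"-"}
{"ts":"2025-11-01T10:00:05Z","src":"10.0.0.5","uri":"/endpoint/stream","status":"201","user":"-","auth":"-"}
{"ts":"2025-11-01T10:00:06Z","src":"10.0.0.8","uri":"/static/app.js","status":"200","user":"-","auth":"-"}
"""

# Paths the SIEM query treats as sensitive: /api/* and /endpoint/*
SENSITIVE = re.compile(r"^/(api|endpoint)/")


def is_unauth_success(event: dict) -> bool:
    """True when a sensitive URI returned 200/201 with no user and no auth recorded."""
    return (
        SENSITIVE.match(event.get("uri", "")) is not None
        and event.get("status") in ("200", "201")
        and event.get("user", "-") == "-"
        and event.get("auth", "-") == "-"
    )


def find_unauth_api_hits(raw: str) -> list:
    """Parse JSON-per-line logs and return the events matching the detection."""
    hits = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if is_unauth_success(event):
            hits.append(event)
    return hits


def hits_by_source(hits: list) -> dict:
    """Count matching events per source address to surface repeat offenders."""
    return dict(Counter(h.get("src", "?") for h in hits))


if __name__ == "__main__":
    found = find_unauth_api_hits(SAMPLE_LOGS)
    for h in found:
        print(h["ts"], h["src"], h["uri"], h["status"])
    print(hits_by_source(found))
```

A 401 on /api/login and an authenticated 200 are correctly ignored; only the three anonymous successes from 10.0.0.5 are reported.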
