CVE-2025-65857

7.5 HIGH

📋 TL;DR

This vulnerability in Xiongmai XM530 IP cameras exposes RTSP video streams through hardcoded credentials in the GetStreamUri function. Attackers with network access to the camera can view live video feeds without authenticating as a legitimate user. Only Xiongmai XM530 cameras running the specific vulnerable firmware are affected.

💻 Affected Systems

Products:
  • Xiongmai XM530 IP Camera
Versions: Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06
Operating Systems: Embedded camera firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only the listed firmware version is confirmed affected; other Xiongmai models may have similar issues, but this is not confirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete surveillance compromise allowing unauthorized real-time video monitoring, potential physical security breaches, and privacy violations.

🟠 Likely Case: Unauthorized access to live camera feeds enabling surveillance of private spaces and sensitive areas.

🟢 If Mitigated: Limited impact with proper network segmentation and access controls preventing external access.

🌐 Internet-Facing: HIGH - Direct exposure allows remote attackers to access video streams without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could access streams, but requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only reaching the exposed RTSP URI with the hardcoded credentials; this is trivial for anyone with network access to the camera.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None provided in references

Restart Required: No

Instructions:

No official patch available. Contact Xiongmai for firmware updates or security advisories.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate cameras on a separate VLAN with strict firewall rules blocking external RTSP access.

Access Control Lists (applies to: all)

Implement IP-based restrictions allowing only authorized systems to access camera RTSP streams.

🧯 If You Can't Patch

  • Physically disconnect cameras from internet-facing networks
  • Replace affected cameras with secure alternatives from different vendors

🔍 How to Verify

Check if Vulnerable:

Attempt to open the RTSP stream with a client such as VLC or ffmpeg, e.g. rtsp://[camera-ip]:554/stream1, using the default credentials; if the stream plays, the camera is vulnerable.

Check Version:

Check the camera web interface or the ONVIF device management service for the firmware version.

Verify Fix Applied:

Verify that RTSP stream access requires proper authentication and that the hardcoded credentials no longer work.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized RTSP connection attempts
  • Multiple failed authentication attempts to camera streams

Network Indicators:

  • Unusual RTSP traffic patterns
  • External IPs accessing internal camera streams

SIEM Query:

source_ip=external AND dest_port=554 AND protocol=RTSP
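The SIEM query above, implemented as a small offline detector (added example, not part of the advisory). It assumes a simple space-separated connection log format constructed here for illustration, treats RFC1918 addresses as internal, and flags both external sources reaching port 554 and repeated RTSP authentication failures from one source.

```python
import ipaddress
from collections import Counter

# Constructed sample log lines (not real traffic). Fields: src dst dport proto result
SAMPLE_LOG = """\
203.0.113.7 10.0.20.15 554 RTSP auth_fail
203.0.113.7 10.0.20.15 554 RTSP auth_fail
203.0.113.7 10.0.20.15 554 RTSP auth_fail
203.0.113.7 10.0.20.15 554 RTSP ok
10.0.10.5 10.0.20.15 554 RTSP ok
198.51.100.9 10.0.20.16 80 HTTP ok
10.0.10.8 10.0.20.15 554 RTSP auth_fail
"""

# RFC1918 ranges are treated as "internal"; anything else is "external" (assumption).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FAIL_THRESHOLD = 3  # assumed alert threshold for repeated failed RTSP logins


def is_external(ip):
    """True when the address is outside the RFC1918 internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def parse_line(line):
    src, dst, dport, proto, result = line.split()
    return {"src": src, "dst": dst, "dport": int(dport), "proto": proto, "result": result}


def detect(log_text):
    """Return (external_rtsp_events, brute_force_pairs) for the given log text."""
    external = []          # (src, dst, result) for external -> port 554/RTSP
    fails = Counter()      # (src, dst) -> number of failed RTSP authentications
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev["dport"] != 554 or ev["proto"] != "RTSP":
            continue       # only camera stream traffic is of interest here
        if is_external(ev["src"]):
            external.append((ev["src"], ev["dst"], ev["result"]))
        if ev["result"] == "auth_fail":
            fails[(ev["src"], ev["dst"])] += 1
    brute = [pair for pair, n in fails.items() if n >= FAIL_THRESHOLD]
    return external, brute


if __name__ == "__main__":
    ext, brute = detect(SAMPLE_LOG)
    for src, dst, result in ext:
        print(f"ALERT external RTSP access {src} -> {dst} ({result})")
    for src, dst in brute:
        print(f"ALERT repeated RTSP auth failures {src} -> {dst}")
```

On the constructed sample this reports four external-to-RTSP events from 203.0.113.7 and one repeated-failure alert for that source; the internal client and the port 80 connection are ignored.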
