CVE-2025-7075

6.3 MEDIUM

📋 TL;DR

CVE-2025-7075 is a vulnerability in BlackVue Dashcam 590X devices that allows unauthenticated attackers on the local network to upload arbitrary files to the device via the /upload.cgi HTTP endpoint. This could lead to remote code execution, device compromise, or data manipulation. Only BlackVue Dashcam 590X users with devices exposed on local networks are affected.

💻 Affected Systems

Products:
  • BlackVue Dashcam 590X
Versions: Up to firmware version 20250624
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with HTTP endpoint accessible on local network. Wi-Fi or wired network connectivity required.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device takeover leading to remote code execution, data exfiltration, or use as a pivot point into the local network.

🟠 Likely Case: Malicious file upload leading to device compromise, data corruption, or unauthorized access to dashcam footage.

🟢 If Mitigated: Limited impact if proper network segmentation and access controls prevent local network access to the device.

🌐 Internet-Facing: LOW - The vulnerability requires local network access according to the description.
🏢 Internal Only: HIGH - Attackers on the local network can exploit this without authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub. Attack requires local network access but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Monitor BlackVue website for firmware updates addressing CVE-2025-7075.

🔧 Temporary Workarounds

Network Segmentation

Isolate BlackVue dashcams on a separate VLAN or network segment to prevent local network access.

Firewall Rules

Block access to dashcam HTTP ports (typically 80/443) from all devices except authorized management systems.

🧯 If You Can't Patch

  • Disconnect dashcam from network when not actively transferring files
  • Implement strict network access controls to limit which devices can communicate with the dashcam

🔍 How to Verify

Check if Vulnerable:

Check firmware version in BlackVue app or web interface. If version is 20250624 or earlier, device is vulnerable.

Check Version:

Connect to dashcam web interface at http://[dashcam-ip] and check firmware version in settings.

Verify Fix Applied:

Check for firmware updates in BlackVue app and verify version is newer than 20250624.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /upload.cgi endpoint
  • Multiple failed or successful upload attempts from unauthorized IPs

Network Indicators:

  • HTTP POST requests to /upload.cgi from unexpected sources
  • Unusual outbound traffic from dashcam after exploitation

SIEM Query:

source_ip="*" AND dest_port=80 AND http_uri="/upload.cgi" AND http_method="POST"
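
Added example (not part of the original advisory or any vendor tooling): the same check as the query above, applied to exported events with an allow-list for the authorized management systems. The key=value log format, the allow-listed address and the sample events are assumptions constructed for illustration.

```python
import shlex
from collections import Counter
from urllib.parse import urlsplit

# Assumption: hosts permitted to manage the dashcam ("authorized management systems").
AUTHORIZED_SOURCES = {"192.168.50.10"}
# Ports taken from the firewall workaround above (typically 80/443).
DASHCAM_PORTS = {80, 443}

# Constructed sample events using the field names of the SIEM query above.
SAMPLE_EVENTS = """\
source_ip="192.168.50.10" dest_port=80 http_method="POST" http_uri="/upload.cgi"
source_ip="192.168.50.77" dest_port=80 http_method="POST" http_uri="/upload.cgi"
source_ip="192.168.50.77" dest_port=80 http_method="post" http_uri="/upload.cgi?x=1"
source_ip="192.168.50.77" dest_port=80 http_method="GET" http_uri="/upload.cgi"
source_ip="192.168.50.91" dest_port=8080 http_method="POST" http_uri="/upload.cgi"
this line is malformed
"""

def parse_event(line):
    """Parse key=value pairs; return None for lines that are not events."""
    try:
        pairs = [tok.split("=", 1) for tok in shlex.split(line)]
    except ValueError:  # unbalanced quotes
        return None
    if not pairs or any(len(p) != 2 for p in pairs):
        return None
    return dict(pairs)

def is_upload_post(ev):
    """True for a POST to /upload.cgi on a dashcam port, ignoring query string and method case."""
    try:
        port = int(ev.get("dest_port", ""))
    except ValueError:
        return False
    path = urlsplit(ev.get("http_uri", "")).path
    return (port in DASHCAM_PORTS
            and ev.get("http_method", "").upper() == "POST"
            and path == "/upload.cgi")

def unauthorized_uploads(log_text, authorized=AUTHORIZED_SOURCES):
    """Count POSTs to /upload.cgi per source IP that is not on the allow-list."""
    hits = Counter()
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev and is_upload_post(ev):
            src = ev.get("source_ip", "unknown")
            if src not in authorized:
                hits[src] += 1
    return dict(hits)
```

Comparing the URI path rather than the full string keeps requests that carry a query string from slipping past an exact-match filter.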
