Information Disclosure in Provision-ISR CCTV Products
CVE-2025-0224

6.9MEDIUM

Key Information:

Vendor: Provision-isr
Status: Sh-4050a-2; Sh-4100a-2l(mm); Sh-8100a-2l(mm); Sh-16200a-2(1u)
Vendor: CVE Published:; 5 January 2025

🔔 Create Provision-isr Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-0224?

A vulnerability exists within multiple Provision-ISR products due to an unknown functionality in the file /server.js, leading to potential information disclosure. This flaw allows remote attackers to exploit the system, risking exposure of sensitive information. The issue has been publicly disclosed, raising concerns about the security of affected devices, particularly those in sensitive environments.

Affected Version(s)

NVR5-8200PX 20241220

SH-16200A-2(1U) 20241220

SH-16200A-5(1U) 20241220

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-0224 - Proof of Concept