Authorization Bypass Vulnerability in Honeywell S35 Series Cameras
CVE-2025-12351

6.8MEDIUM

Key Information:

Vendor: Honeywell
Status: S35 3m/5m/8m/pinhole/kit Camera; S35 Ai Fisheye&dual Sensor/micro Dome/full Color Eyeball&bullet Camera; S35 Thermal Camera
Vendor: CVE Published:; 27 October 2025

What is CVE-2025-12351?

The Honeywell S35 Series Cameras exhibit a vulnerability that allows for an authorization bypass through a user controller key. This flaw could enable an attacker to escalate privileges to administrative functionalities, potentially compromising system integrity and security. Users are strongly encouraged to upgrade to the latest versions of the affected products to mitigate risks and ensure continued protection.

Affected Version(s)

S35 3M/5M/8M/Pinhole/Kit Camera Linux 2022.02.28 < 2025.08.28

S35 AI Fisheye&Dual Sensor/Micro Dome/Full Color Eyeball&Bullet Camera Linux 2024.08.10 < 2025.08.22

S35 Thermal Camera 2024.10.21 < 2025.08.26

References

https://www.honeywell.com/us/en/product-security

vendor-advisory

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 27, 2025
Vulnerability Reserved
Oct 27, 2025

JSON