Unauthenticated SQL Injection in Geutebruck G-Cam E-Series Cameras
CVE-2025-12463

9.8CRITICAL

Key Information:

Vendor: Guetebruck
Status: G-cam
Vendor: CVE Published:; 3 November 2025

What is CVE-2025-12463?

An unauthenticated SQL Injection vulnerability was found in the Geutebruck G-Cam E-Series Cameras, specifically through the Group parameter in the /uapi-cgi/viewer/Param.cgi script. This issue allows potential attackers to manipulate database queries, which could lead to unauthorized data access or other malicious actions. The vulnerability has been confirmed on the EFD-2130 camera with firmware version 1.12.0.19, highlighting the need for immediate remediation to protect sensitive information.

Affected Version(s)

G-Cam 1.12.0.19

References

https://blog.blacklanternsecurity.com/p/cve-2025-12463-98...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 3, 2025
Vulnerability Reserved
Oct 29, 2025

JSON

Guetebruck

What is CVE-2025-12463?

Affected Version(s)

References

CVSS V3.1

Timeline