API Credential Exposure in Ubia Camera Ecosystem
CVE-2025-12636

7.1HIGH

Key Information:

Vendor: Ubia
Status: Ubox
Vendor: CVE Published:; 6 November 2025

What is CVE-2025-12636?

The Ubia camera ecosystem has a significant vulnerability related to the inadequate protection of API credentials. This flaw may allow an attacker to access backend services and gain unauthorized control over connected cameras. Such access can lead to the viewing of live camera feeds and alteration of device settings, posing severe privacy and security risks for users.

Affected Version(s)

Ubox v1.1.124

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-3...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 6, 2025
Vulnerability Reserved
Nov 3, 2025

Credit

Milos C. reported this vulnerability to CISA.

JSON