Default Administrative Credentials Vulnerability in PTZOptics Pan-Tilt-Zoom Cameras
CVE-2025-35451

9.3CRITICAL

Key Information:

Vendor: Ptzoptics
Status: Pt12x-se-xx-g3; Pt12x-link-4k-xx; Pt20x-se-xx-g3; Pt20x-link-4k-xx
Vendor: CVE Published:; 5 September 2025

What is CVE-2025-35451?

PTZOptics ValueHD-based pan-tilt-zoom cameras are susceptible to a significant security risk due to the implementation of hard-coded administrative credentials, which are easily compromised. Users cannot modify these credentials or disable SSH and telnet services, exposing the devices to unauthorized access through readily crackable passwords. This vulnerability opens up potential avenues for attackers to exploit these cameras within the network.

Affected Version(s)

12x Fixed Camera/NDI Fixed Camera 0 < 7.2.85

20x Fixed Camera/NDI Fixed Camera 0 < 7.2.94

EPTZ Fixed Camera/NDI Fixed Camera 0 < 8.1.89

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

https://www.cve.org/CVERecord?id=CVE-2025-35451

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2025
Vulnerability Reserved
Apr 15, 2025

Ptzoptics

What is CVE-2025-35451?

Affected Version(s)

References

CVSS V4

Timeline