Inadequate Access Control Vulnerability in Davantis DFUSION Security Software
CVE-2025-41016
What is CVE-2025-41016?
An inadequate access control vulnerability in Davantis DFUSION v6.177.7 allows unauthorized users to access sensitive media files, including images and videos linked to alarm events. By requesting the endpoint '/alarms/<ALARM_ID>/', where the MEDIA parameter can be specified as either 'snapshot' or 'video.mp4', an attacker can retrieve footage recorded by security cameras in response to security alerts. This is a serious risk because private surveillance data can be retrieved without authentication.
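
A defender-side check for the access pattern described above, as an added example that is not part of the advisory or any vendor code: it scans access logs for alarm media that was served with no authenticated user. It assumes a reverse proxy in front of DFUSION that writes combined-format logs with the authenticated user in the third field, and that the media name directly follows the alarm ID in the path; the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Assumptions (not confirmed by the advisory): combined log format from a
# reverse proxy, and a request path shaped like /alarms/<ALARM_ID>/<media>.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"GET /alarms/(?P<alarm>[^/\s"]+)/(?P<media>snapshot|video\.mp4)'
    r'(?:\?\S*)? HTTP/[\d.]+" (?P<status>\d{3})\b'
)

def find_unauthenticated_media_reads(lines, min_alarms=3):
    """Return {client_ip: sorted alarm IDs} for clients that were served alarm
    media with no authenticated user, across at least min_alarms alarms."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an alarm media request
        # "-" in the user field: the proxy saw no authenticated identity.
        # 200/206: the media (or a byte range of it) was actually returned.
        if m["user"] == "-" and m["status"] in ("200", "206"):
            seen[m["ip"]].add(m["alarm"])
    return {ip: sorted(ids) for ip, ids in seen.items() if len(ids) >= min_alarms}

# Constructed sample log lines (documentation-range IPs, made-up alarm IDs).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "GET /alarms/1001/snapshot HTTP/1.1" 200 48211',
    '203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "GET /alarms/1002/video.mp4 HTTP/1.1" 206 912004',
    '203.0.113.7 - - [01/Jan/2025:10:00:03 +0000] "GET /alarms/1003/snapshot HTTP/1.1" 200 50120',
    '198.51.100.4 - operator1 [01/Jan/2025:10:05:00 +0000] "GET /alarms/1001/snapshot HTTP/1.1" 200 48211',
    '192.0.2.9 - - [01/Jan/2025:10:06:00 +0000] "GET /alarms/1001/snapshot HTTP/1.1" 401 0',
    '192.0.2.20 - - [01/Jan/2025:10:07:00 +0000] "GET /alarms/1004/video.mp4 HTTP/1.1" 200 700100',
]

if __name__ == "__main__":
    for ip, alarms in find_unauthenticated_media_reads(SAMPLE_LOG).items():
        print(f"{ip}: media served without authentication for alarms {alarms}")
```

On a fixed version, any hit with `min_alarms=1` is worth investigating, since no alarm media should be served without an authenticated user.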

Affected Version(s)
DFUSION prior to 6.186.1
