Inadequate Permission Management in Hanwha Vision's Security Cameras
CVE-2025-52599

6.3MEDIUM

Key Information:

Vendor: Hanwha Vision Co., Ltd.
Status: Qnv-c8012
Vendor: CVE Published:; 26 December 2025

🔔 Create Hanwha Vision Co., Ltd. Vulnerability Alert

What is CVE-2025-52599?

Hanwha Vision's security cameras have been found to have inadequate management of permissions for guest accounts, which could allow unauthorized access and manipulation of camera settings. This vulnerability raises significant security concerns, particularly in industrial control systems and integrated IoT environments. The manufacturer has acknowledged this flaw and released a firmware patch to address the issue. Users are advised to apply the latest updates and refer to the manufacturer's report for further details and recommended workarounds.

Affected Version(s)

QNV-C8012 Prior to version 2.22.05

References

https://www.hanwhavision.com/wp-content/uploads/2025/12/C...

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 26, 2025
Vulnerability Reserved
Jun 18, 2025

JSON