Cross-Site Request Forgery Vulnerability in SNC-CX600W by Sony
CVE-2025-62497

2.1LOW

Key Information:

Vendor: Sony Corporation
Status: Snc-cx600w
Vendor: CVE Published:; 25 November 2025

🔔 Create Sony Corporation Vulnerability Alert

What is CVE-2025-62497?

A cross-site request forgery vulnerability has been identified in the SNC-CX600W model by Sony. Users logged into the device could inadvertently trigger unwanted actions by interacting with specially crafted web pages, potentially compromising the security and functionality of the product. It is recommended to upgrade to Ver.2.8.0 or later to mitigate this risk.

Affected Version(s)

SNC-CX600W versions prior to Ver.2.8.0

References

https://www.sony.com/electronics/support/ip-cameras-fixed...

https://jvn.jp/en/jp/JVN75140384/

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

CVSS V3.0

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 25, 2025
Vulnerability Reserved
Nov 19, 2025

JSON