Cross-Site Scripting Vulnerability in SNC-CX600W by Sony
CVE-2025-64730

4.8MEDIUM

Key Information:

Vendor

Sony Corporation

Status
Snc-cx600w
Vendor
CVE Published:
25 November 2025

What is CVE-2025-64730?

A cross-site scripting vulnerability is present in all versions of the SNC-CX600W, which could allow attackers to inject arbitrary scripts into the web interface. If successfully exploited, this vulnerability could enable the execution of malicious scripts in the browser of users who access the product, potentially leading to data theft or unauthorized actions on behalf of the victim.

Affected Version(s)

SNC-CX600W all versions

References

https://www.sony.com/electronics/support/ip-cameras-fixed...
https://jvn.jp/en/jp/JVN75140384/

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

CVSS V3.0

Score:
5.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.