Improper Authentication Vulnerability in 70mai 1S Video Services
CVE-2025-6524

2.3LOW

Key Information:

Vendor

70mai

Status
1s
Vendor
CVE Published:
23 June 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-6524?

A significant flaw has been identified in the 70mai 1S, specifically within its Video Services component. This vulnerability allows for improper authentication, which necessitates access to the local network for potential exploitation. The attack complexity is notably high, making the exploit challenging to execute. Although the exploit for this vulnerability has been publicly disclosed, the vendor has not engaged in communication regarding this issue despite being notified.

Affected Version(s)

1S 20250611

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-6524 - Proof of Concept

References

https://vuldb.com/?id.313641
vdb-entry
https://vuldb.com/?ctiid.313641
signaturepermissions-required
https://vuldb.com/?submit.595444
third-party-advisory

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

geochen (VulDB User)
.
CVE-2025-6524 : Improper Authentication Vulnerability in 70mai 1S Video Services