Unrestricted File Upload Vulnerability in BlackVue Dashcam by BlackVue
CVE-2025-7075

6.3MEDIUM

Key Information:

Vendor: BlackVue
Status: BlackVue Dashcam 590X
Vendor: CVE Published:; 6 July 2025

What is CVE-2025-7075?

A vulnerability has been identified in the BlackVue Dashcam 590X affecting versions up to 20250624. This issue resides within the HTTP Endpoint component, specifically concerning the file /upload.cgi, which allows unrestricted file uploads. Attackers within the local network can exploit this flaw to upload malicious files, posing potential security risks. Despite early notification, there has been no response from the vendor regarding remediation efforts.

References

https://github.com/geo-chen/BlackVue/blob/main/README.md#...

https://vuldb.com/?ctiid.314989

https://vuldb.com/?id.314989

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 6, 2025