Unrated severityNVD Advisory· Published Dec 22, 2025· Updated Dec 22, 2025

CVE-2025-65856

Description

Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access.

Affected products

Xiongmai/XM530 IP camerasdescription

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

hangzhou.commitre
ip.commitre
luismirandaacebedo.github.io/CVE-2025-65856/mitre

News mentions

Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera
CISA Alerts

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000