High severity7.5NVD Advisory· Published Dec 22, 2025· Updated May 7, 2026

CVE-2025-65857

Description

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.

Affected products

Xiongmai/XM530 IP camerasdescription
Xiongmaitech/Xm530v200 X6 Weq 8m Firmware
cpe:2.3:o:xiongmaitech:xm530v200_x6-weq_8m_firmware:5.00.r02.000807d8.10010.346624.s.onvif_21.06:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

luismirandaacebedo.github.io/CVE-2025-65857/nvdExploitMitigationThird Party Advisory
hangzhou.comnvdPermissions Required
ip.comnvdNot Applicable
www.xiongmaitech.com/en/index.php/service/notice_info/51/4nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000