CVE-2025-11852
published 2025-10-16CVE-2025-11852: A vulnerability was found in Apeman ID71 218.53.203.117. The impacted element is an unknown function of the file /onvif/device_service of the component ONVIF…
PriorityP336medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.57%
42.7th percentile
A vulnerability was found in Apeman ID71 218.53.203.117. The impacted element is an unknown function of the file /onvif/device_service of the component ONVIF Service. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apeman | id71 | — | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv4.05.5MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2f45-j73v-44gw: A vulnerability was found in Apeman ID71 218
ghsa_unreviewed·2025-10-16
CVE-2025-11852 [MEDIUM] CWE-287 GHSA-2f45-j73v-44gw: A vulnerability was found in Apeman ID71 218
A vulnerability was found in Apeman ID71 218.53.203.117. The impacted element is an unknown function of the file /onvif/device_service of the component ONVIF Service. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CISA ICS
Apeman Cameras
cisa_ics·2026-03-10·CVSS 9.8
CVE-2025-11126 [CRITICAL] Apeman Cameras
ICS Advisory
##
Apeman Cameras
Release DateMarch 10, 2026
Alert CodeICSA-26-069-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## Summary
Successful exploitation of these vulnerabilities could allow an attacker to take control of the device or view camera feeds.
The following versions of Apeman Cameras are affected:
- ID71 vers:all/* (CVE-2025-11126, CVE-2025-11851, CVE-2025-11852)
CVSS
Vendor
Equipment
Vulnerabilities
| v3 9.8
| Apeman
| Apeman Cameras
| Insufficiently Protected Credentials, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Missing Authentication for Critical Function
## Background
- Critical Infrastructure Sectors: Commercial Facilities
- Countrie
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-10-16
Published