cbcvebase.
CVE-2025-13658
published 2025-12-02

CVE-2025-13658: A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code…

PriorityP267critical9.3CVSS 4.0
AVNACLATNPRNUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.60%
44.5th percentile
A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.

Affected

1 ranges
VendorProductVersion rangeFixed in
industrial_video_controllongwatch6.309 – 6.334

Detection & IOCsextracted from sources · hover to see the quote

  • Detect unauthenticated HTTP GET requests targeting the exposed Longwatch endpoint that triggers code execution
  • Successful exploitation results in SYSTEM-level process privileges; monitor for unexpected SYSTEM-level child processes spawned from the Longwatch service
  • Affected versions are Longwatch 6.309 through 6.334; flag any internet-exposed instances of these versions as high-priority targets
  • ·No specific vulnerable endpoint path, payload structure, or network port is publicly disclosed in available sources; detection rules cannot be narrowed beyond generic unauthenticated HTTP GET traffic to Longwatch devices
  • ·No known public exploitation has been reported at time of advisory publication, limiting availability of real-world IOCs
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.