PatchSiren cyber security CVE debrief
CVE-2025-11851 Apeman CVE debrief
CVE-2025-11851 affects Apeman ID71 devices and is described by CISA as a cross-site scripting issue in /set_alias.cgi triggered through the alias parameter. The advisory says the attack can be executed remotely, the exploit was publicly disclosed, and the vendor did not respond to early coordination attempts. Even with a low CVSS score, public disclosure and remote reach make this worth prompt review for any exposed or internet-reachable devices.
- Vendor: Apeman
- Product: ID71
- CVSS: LOW 3.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-10
- Original CVE updated: 2026-03-10
- Advisory published: 2026-03-10
- Advisory updated: 2026-03-10
Who should care
Administrators and owners of Apeman ID71 devices, especially anyone exposing the camera web interface to untrusted networks or using it in environments where web-admin compromise would matter.
Technical summary
The source advisory identifies an unknown function in /set_alias.cgi as vulnerable to cross-site scripting when the alias argument is manipulated. The CVSS vector supplied by the advisory is AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N, reflecting a network-reachable issue that requires some privileges and user interaction, with limited confidentiality impact and no listed integrity or availability impact. The advisory also notes public exploit disclosure.
Defensive priority
Medium
Recommended defensive actions
- Inventory Apeman ID71 devices and confirm whether any systems match the affected EN75.8.53.20 firmware context described in the advisory.
- Restrict access to the device web interface so it is not reachable from untrusted networks.
- Review web requests to /set_alias.cgi for unexpected alias input or other anomalous access patterns.
- If vendor support or remediation is available, contact Apeman using the official support channel listed in the advisory.
- If the device cannot be updated or secured, place it behind stronger network controls or consider replacement for environments that require higher assurance.
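One way to carry out the /set_alias.cgi request review recommended above, shown as an added example that is not code from the advisory, the vendor, or PatchSiren. It assumes a proxy or gateway in front of the camera writes Apache/Nginx "combined" access logs and that alias arrives in the query string; the log lines and the 64-character limit are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: a proxy or gateway in front of the camera logs requests in
# Apache/Nginx "combined" format; the device's own logging is not described.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3}')
# Characters and tokens a plain device alias does not need, but which are
# required to break out of an HTML or attribute context.
MARKUP_RE = re.compile(r'[<>"\'`]|javascript:|\bon\w+\s*=', re.IGNORECASE)
MAX_ALIAS_LEN = 64  # assumed sanity limit, not a documented firmware limit


def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded input is still seen."""
    for _ in range(rounds):
        value = unquote(value)
    return value


def review_line(line):
    """Return (ip, timestamp, reasons) for a suspicious /set_alias.cgi hit, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path.lower() != "/set_alias.cgi":
        return None
    reasons = []
    for alias in parse_qs(url.query, keep_blank_values=True).get("alias", []):
        alias = decode_fully(alias)
        if MARKUP_RE.search(alias):
            reasons.append("markup characters in alias")
        if len(alias) > MAX_ALIAS_LEN:
            reasons.append("alias longer than %d chars" % MAX_ALIAS_LEN)
    return (m.group("ip"), m.group("ts"), reasons) if reasons else None


def scan(lines):
    return [hit for hit in map(review_line, lines) if hit]


# Constructed sample lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - admin [10/Mar/2026:09:14:02 +0000] "GET /set_alias.cgi?alias=FrontDoor HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '198.51.100.7 - admin [10/Mar/2026:09:20:41 +0000] "GET /set_alias.cgi?alias=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '198.51.100.7 - admin [10/Mar/2026:09:21:05 +0000] "GET /set_alias.cgi?alias=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 12 "-" "curl/8.5.0"',
    '192.0.2.10 - admin [10/Mar/2026:09:30:00 +0000] "GET /get_status.cgi HTTP/1.1" 200 230 "-" "Mozilla/5.0"',
]
```

Calling scan(SAMPLE_LOG) returns the two flagged requests, including the double-encoded one. If the device accepts alias in a request body instead, query-string logs will not show it and body capture at the proxy is needed.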
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-26-069-01 published on 2026-03-10, which also carries the CVE-2025-11851 record and notes that the exploit had been publicly disclosed and the vendor did not respond to coordination attempts. The supplied advisory text provides the affected product context, attack surface, and CVSS vector. No KEV listing was supplied for this CVE.
Official resources
- CVE-2025-11851 CVE record (CVE.org)
- CVE-2025-11851 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed exploit noted in the advisory; vendor coordination attempts reportedly received no response. CISA published the advisory and CVE record on 2026-03-10.