PatchSiren cyber security CVE debrief
CVE-2025-11852 Apeman CVE debrief
CVE-2025-11852 is a remotely reachable authentication issue in the ONVIF service on Apeman ID71 devices. CISA’s advisory says manipulation of the /onvif/device_service endpoint can result in missing authentication, and it notes that exploit code has been made public. The advisory also states the vendor did not respond to early coordination attempts. Based on the published CVSS v3.1 vector, the issue is rated medium severity and appears to have limited confidentiality impact without reported integrity or availability impact.
- Vendor: Apeman
- Product: ID71
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-10
- Original CVE updated: 2026-03-10
- Advisory published: 2026-03-10
- Advisory updated: 2026-03-10
Who should care
Organizations that operate Apeman ID71 cameras, especially if the ONVIF service is reachable from internal or external networks. Security and facilities teams responsible for IP cameras, building systems, or other internet-connected video devices should review exposure and access controls.
Technical summary
The advisory describes an unauthenticated remote condition affecting an unknown function in /onvif/device_service within the ONVIF service component. The reported result is missing authentication, which can permit unauthorized access to the service. CISA’s CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (5.3), indicating network reachability with no privileges or user interaction required and limited confidentiality impact.
Defensive priority
Medium. Prioritize if the device is internet-facing, reachable from user networks, or used in environments where camera access should be tightly restricted.
Recommended defensive actions
- Identify all Apeman ID71 devices and confirm whether /onvif/device_service is reachable from untrusted networks.
- Restrict network exposure with segmentation, firewall rules, and access-control lists so ONVIF services are only reachable from approved management hosts.
- Review device and surrounding network logs for unexpected ONVIF access attempts or unauthorized use.
- If possible, apply vendor guidance or coordinate through Apeman support using the contact information provided in the CISA advisory.
- If compensating controls are needed, disable or tightly limit ONVIF functionality where operationally feasible.
- Use CISA ICS recommended practices to strengthen device isolation, credential handling, and monitoring around exposed industrial/IoT assets.
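One way to carry out the log review in the list above, as an added example that is not taken from the CISA advisory or any vendor tooling. It assumes combined-format HTTP access logs from a proxy or sensor in front of the cameras; `APPROVED_NETS` is a placeholder subnet and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: combined-format HTTP access logs (the page names no log format).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
ONVIF_PATH = "/onvif/device_service"  # endpoint named in the advisory
# Assumption: placeholder management subnet; replace with approved hosts.
APPROVED_NETS = [ipaddress.ip_network("10.20.30.0/28")]

def is_approved(src, nets=APPROVED_NETS):
    """True only if src parses as an IP inside an approved network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or malformed fields count as unapproved
    return any(addr in net for net in nets)

def find_unexpected_onvif_access(lines, nets=APPROVED_NETS):
    """Return ONVIF requests that came from outside the approved networks."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        # Drop the query string and compare case-insensitively.
        path = m["path"].split("?", 1)[0].rstrip("/").lower()
        if path == ONVIF_PATH and not is_approved(m["src"], nets):
            hits.append({"src": m["src"], "ts": m["ts"],
                         "method": m["method"], "status": int(m["status"])})
    return hits

def summarize(hits):
    """Count flagged requests per source address, most active first."""
    return Counter(h["src"] for h in hits).most_common()

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '10.20.30.5 - - [10/Mar/2026:08:00:01 +0000] "POST /onvif/device_service HTTP/1.1" 200 1520',
    '198.51.100.23 - - [10/Mar/2026:08:14:37 +0000] "POST /onvif/device_service HTTP/1.1" 200 1498',
    '198.51.100.23 - - [10/Mar/2026:08:14:39 +0000] "POST /onvif/device_service HTTP/1.1" 200 2210',
    '192.0.2.77 - - [10/Mar/2026:09:02:11 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.77 - - [10/Mar/2026:09:02:15 +0000] "POST /ONVIF/device_service?x=1 HTTP/1.1" 401 0',
]
if __name__ == "__main__":
    for src, count in summarize(find_unexpected_onvif_access(SAMPLE_LOG)):
        print(f"{src}: {count} request(s) to {ONVIF_PATH} from outside approved networks")
```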
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-26-069-01 published on 2026-03-10, which names CVE-2025-11852 and describes a remote missing-authentication condition in Apeman ID71 /onvif/device_service. The advisory notes that exploit code was publicly available and that the vendor did not respond to early contact attempts. The supplied advisory metadata includes CVSS v3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N and an SSVCv2 note dated 2026-03-09 in the source context.
Official resources
- CVE-2025-11852 CVE record (CVE.org)
- CVE-2025-11852 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in the CISA advisory on 2026-03-10. The source states that exploit code had been made public and that the vendor did not respond to early coordination attempts.