PatchSiren

CVE-2025-35451 PTZOptics CVE debrief

CVE-2025-35451 is a critical default-access issue affecting multiple PTZOptics camera models and related ValueHD-based camera lines listed by CISA. The advisory says SSH and/or telnet are enabled by default, administrative users including root have default passwords that are trivial to crack, and users cannot change those passwords or disable the services.

Vendor: PTZOptics
Product: PTZOptics PT12X-SDI-xx-G2
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-06-12
Original CVE updated: 2025-06-12
Advisory published: 2025-06-12
Advisory updated: 2025-06-12

Who should care

Organizations that deploy PTZOptics, ValueHD, multiCAM Systems, or SMTAV pan-tilt-zoom cameras should treat this as an immediate review item, especially where cameras support remote administration or are deployed in operational or enterprise networks. Security, IT, and OT teams responsible for embedded devices and network segmentation should verify exposure and remediation status.

Technical summary

CISA’s CSAF advisory for CVE-2025-35451 describes a design-level authentication and service-hardening problem in affected cameras: SSH or telnet, or both, are enabled by default; OS administrative accounts have default passwords that are trivial to crack; and the user cannot change those passwords or disable the services. The affected product list spans multiple PTZOptics models and broader ValueHD-family camera entries, with PTZOptics providing fixes for the listed affected versions via its known vulnerabilities and fixes page.

Defensive priority

Immediate. The issue is reachable over the network, is rated CVSS 3.1 9.8/CRITICAL by the advisory, and centers on default administrative access that the user cannot harden on the affected device. Prioritize asset identification, exposure reduction, and vendor-supported remediation.

Recommended defensive actions

  • Inventory all PTZOptics, ValueHD, multiCAM Systems, and SMTAV camera deployments against the affected model/version list in the CISA advisory.
  • Check whether SSH and/or telnet are enabled on each device and whether the device is reachable from untrusted or broadly shared networks.
  • Apply the vendor fix path provided by PTZOptics for the affected versions using the vendor’s known vulnerabilities and fixes page.
  • If a device cannot be remediated immediately, isolate it with network segmentation and restrict administrative access to trusted management hosts only.
  • Review operational monitoring for unexpected logins or configuration changes on camera management interfaces and adjacent network devices.
  • Follow CISA ICS recommended practices for embedded and industrial control systems while planning longer-term device replacement or upgrade where needed.
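
One way to check the segmentation and monitoring items above against existing firewall or flow logs, as an added example that is not part of the CISA advisory or any vendor tooling. The camera subnet, the trusted management host, the CSV column layout, and the sample rows are all constructed assumptions; substitute your own inventory and log export.

```python
import csv
import io
import ipaddress

# Constructed inputs (assumptions, not from the advisory): the camera VLAN,
# the trusted management hosts, and the flow-log CSV layout.
CAMERA_NET = ipaddress.ip_network("10.20.30.0/24")
TRUSTED_MGMT = {ipaddress.ip_address("10.20.1.5")}
ADMIN_PORTS = {22: "ssh", 23: "telnet"}

SAMPLE_FLOWS = """\
ts,src,dst,dport,action
2025-06-13T08:00:01Z,10.20.1.5,10.20.30.11,22,allow
2025-06-13T08:02:17Z,10.50.7.40,10.20.30.11,23,allow
2025-06-13T08:02:40Z,10.50.7.40,10.20.30.12,22,deny
2025-06-13T08:05:09Z,10.50.7.40,10.20.30.11,554,allow
2025-06-13T08:09:33Z,192.0.2.77,10.20.30.14,22,allow
not,a,valid,row,here
"""

def audit_flows(text, camera_net=CAMERA_NET, trusted=TRUSTED_MGMT):
    """Return findings for SSH/telnet flows to cameras from untrusted sources."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            dport = int(row["dport"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed rows rather than abort the audit
        if dst not in camera_net or dport not in ADMIN_PORTS or src in trusted:
            continue
        # An allowed flow means the service was reachable: a segmentation gap.
        # A denied flow means the control held, but the attempt merits review.
        severity = "exposed" if row["action"] == "allow" else "blocked-attempt"
        findings.append({"ts": row["ts"], "src": str(src), "dst": str(dst),
                         "service": ADMIN_PORTS[dport], "severity": severity})
    return findings

def exposed_cameras(findings):
    """Camera addresses whose admin services were reached from untrusted hosts."""
    return sorted({f["dst"] for f in findings if f["severity"] == "exposed"})

if __name__ == "__main__":
    results = audit_flows(SAMPLE_FLOWS)
    for f in results:
        print(f["ts"], f["severity"], f["src"], "->", f["dst"], f["service"])
    print("isolate or remediate first:", exposed_cameras(results))
```

Cameras returned by `exposed_cameras` are the ones where the isolation step has not yet taken effect and should be remediated or segmented first.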

Evidence notes

All substantive claims are drawn from the supplied CISA CSAF advisory and its referenced official links. The advisory states that SSH/telnet are enabled by default, administrative users have trivial default passwords, and users cannot change the passwords or disable the services. The supplied enrichment shows the issue is not currently marked as KEV. No exploit technique, proof-of-concept, or unsupported exposure claim is included.

Official resources

Initial public advisory published by CISA on 2025-06-12; the supplied source timeline shows the same publication and modification timestamp.