PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-65856 Raw CVE debrief

CVE-2025-65856 is a critical unauthenticated access issue in Hangzhou Xiongmai Technology Co., Ltd XM530 IP cameras. According to CISA’s advisory, the affected ONVIF implementation fails to enforce authentication on 31 critical endpoints, which can let remote attackers view sensitive device information and live video streams. The advisory was published on 2026-04-23, and the source material indicates the vendor had not responded to mitigation requests at publication time.

Vendor: Raw
Product: Hangzhou Xiongmai Technology Co., Ltd IP Camera XM530V200_X6-WEQ_8M firmware V5.00.R02.000807D8.10010.346624.S.ONVIF_21.06
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-23
Original CVE updated: 2026-04-23
Advisory published: 2026-04-23
Advisory updated: 2026-04-23

Who should care

Organizations using XM530-based Xiongmai IP cameras, especially teams responsible for physical security, surveillance, building operations, and network segmentation. Security teams should also care if these cameras are reachable from untrusted networks or exposed through ONVIF-enabled management paths.

Technical summary

CVE-2025-65856 affects Xiongmai XM530 IP cameras running firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The issue is an authentication bypass in the ONVIF implementation: authentication is not enforced on 31 critical endpoints. CISA describes the impact as unauthorized access to sensitive device information and live video streams. The advisory maps the issue to CVSS 3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8, Critical).

Defensive priority

Immediate. Treat affected cameras as high-risk exposed devices and reduce access to ONVIF and management interfaces until the environment is verified and vendor guidance is applied.

Recommended defensive actions

  • Inventory all Xiongmai XM530 camera deployments and confirm whether they run firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06.
  • Restrict network access to camera management and ONVIF services to trusted administrative hosts or segmented management networks only.
  • If affected, contact Xiongmai Technology customer support for remediation guidance referenced by CISA and track any vendor-provided corrective actions.
  • Review camera, NVR, and access logs for unusual requests to device information or video-stream endpoints.
  • Segment surveillance devices from general user and internet-facing networks, and verify that remote exposure is not enabled unnecessarily.
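
One way to carry out the log-review step above, as an added example that is not taken from CISA's advisory or from the vendor: it flags ONVIF SOAP requests that carried neither a WS-Security UsernameToken nor an HTTP Authorization header and were still answered with HTTP 200. Assumptions: the record layout (src, dst, status, authorization, body) is a hypothetical proxy or capture export, HTTP 200 is taken to mean the camera accepted the request, and the operation names are standard ONVIF device-service names used as constructed sample data, not a list of the 31 affected endpoints.

```python
import xml.etree.ElementTree as ET
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
# Assumption: operations tolerated without credentials (a client must read the
# device clock before it can build a UsernameToken digest). Tune per site.
PRE_AUTH_OK = {"GetSystemDateAndTime"}

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def inspect(rec):
    """Return (operation, has_credentials) for one captured request, else None."""
    if "<!DOCTYPE" in rec["body"]:      # refuse DTDs instead of expanding entities
        return None
    try:
        env = ET.fromstring(rec["body"])
    except ET.ParseError:
        return None
    parts = {local(c.tag): c for c in env}
    body, header = parts.get("Body"), parts.get("Header")
    if body is None or len(body) == 0:
        return None
    token = header is not None and header.find(f".//{{{WSSE}}}UsernameToken") is not None
    return local(body[0].tag), token or bool(rec.get("authorization"))

def unauthenticated_hits(records):
    """Requests that carried no credentials yet were answered with HTTP 200."""
    hits = []
    for rec in records:
        parsed = inspect(rec)
        if parsed and rec["status"] == 200 and not parsed[1] and parsed[0] not in PRE_AUTH_OK:
            hits.append((rec["src"], rec["dst"], parsed[0]))
    return hits

# Constructed sample records (hypothetical proxy/capture export, not real traffic).
def _soap(op, header=""):
    return ('<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"><s:Header>'
            f'{header}</s:Header><s:Body><{op} xmlns="http://www.onvif.org/ver10/device/wsdl"/>'
            '</s:Body></s:Envelope>')
_TOKEN = (f'<w:Security xmlns:w="{WSSE}"><w:UsernameToken><w:Username>ops</w:Username>'
          '</w:UsernameToken></w:Security>')
SAMPLE = [
    {"src": "10.20.0.5", "dst": "10.30.0.11", "status": 200, "authorization": None, "body": _soap("GetDeviceInformation", _TOKEN)},
    {"src": "10.99.4.7", "dst": "10.30.0.11", "status": 200, "authorization": None, "body": _soap("GetDeviceInformation")},
    {"src": "10.99.4.7", "dst": "10.30.0.11", "status": 200, "authorization": None, "body": _soap("GetSystemDateAndTime")},
    {"src": "10.99.4.7", "dst": "10.30.0.12", "status": 401, "authorization": None, "body": _soap("GetDeviceInformation")},
]
if __name__ == "__main__":
    print(unauthenticated_hits(SAMPLE))
```

A hit means the device answered a request it should have challenged; treat the source host as unexpected unless it is a known management system, and tighten segmentation for the destination camera.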

Evidence notes

Source evidence comes from CISA’s CSAF advisory ICSA-26-113-05 and the associated CVE record, both published on 2026-04-23. The advisory text explicitly states: authentication bypass, 31 critical ONVIF endpoints without enforced authentication, sensitive device information exposure, and live video stream access. The source also notes that Hangzhou Xiongmai Technology Co., Ltd had not responded to mitigation requests at the time of publication. No KEV listing is indicated in the supplied corpus.

Official resources

Publicly disclosed by CISA in ICS Advisory ICSA-26-113-05 on 2026-04-23, with the CVE record published the same day. The supplied advisory states the vendor had not responded to mitigation requests at publication time.