Back

Critical Vulnerability in Xiongmai IP Cameras Allows Remote Access

Severity: High (Score: 69.9)

Sources: Cybersecuritynews, Gbhackers

Summary

A critical vulnerability has been discovered in Hangzhou Xiongmai Technology’s XM530 IP Cameras, tracked as CVE-2025-65856. This flaw enables attackers to bypass authentication protocols, granting them remote access to the cameras and potentially sensitive information. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on April 23, 2026, highlighting the severity of the issue. The vulnerability affects numerous commercial facilities that utilize these cameras, raising concerns about unauthorized surveillance and data breaches. The flaw was first publicly disclosed in December 2025, with a proof of concept (PoC) released shortly before. Organizations using these cameras are urged to take immediate action to mitigate risks. The scope of the impact is significant, given the widespread deployment of these devices in various sectors. Key Points: • CVE-2025-65856 allows attackers to bypass authentication on XM530 IP Cameras. • CISA issued an alert on April 23, 2026, emphasizing the critical nature of the vulnerability. • Organizations are advised to take immediate action to secure affected devices.

Key Entities

  • Data Breach (attack_type)
  • Hangzhou Xiongmai Technology (company)
  • CVE-2025-65856 (cve)
  • CWE-287 - Improper Authentication (cwe)
  • IP Cameras (platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed