Critical Authentication Bypass in Xiongmai XM530 IP Cameras
⚠️ A critical authentication bypass (CVE-2025-65856) affects Hangzhou Xiongmai Technology Co., Ltd XM530 IP cameras running firmware V5.00.R02.000807D8.10010.346624.S.ONVIF_21.06. The ONVIF implementation fails to enforce authentication on 31 endpoints, allowing unauthenticated remote attackers to access sensitive device information and live video streams. CISA rates the issue CRITICAL (CVSS 3.1 9.8). The vendor has not cooperated with CISA; users should minimize network exposure, isolate devices behind firewalls, and contact Xiongmai support for guidance.
