EUVD-2025-36196

🗓️ 27 Oct 2025 15:03:57Reported by EUVDType

Honeywell S35 cameras have an authorization bypass via the user controller key, enabling admin privilege escalation. Update to the latest versions.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-12351	7 May 202515:48	–	circl
CNNVD	Honeywell S35 Series 安全漏洞	27 Oct 202500:00	–	cnnvd
CVE	CVE-2025-12351	27 Oct 202515:03	–	cve
Cvelist	CVE-2025-12351 Inadequate access control measure allows unauthorized users to access restricted administrative functions	27 Oct 202515:03	–	cvelist
NVD	CVE-2025-12351	27 Oct 202515:15	–	nvd
Positive Technologies	PT-2025-43970	27 Oct 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-12351	28 Oct 202515:04	–	redhatcve
Vulnrichment	CVE-2025-12351 Inadequate access control measure allows unauthorized users to access restricted administrative functions	27 Oct 202515:03	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "c816a60a-025f-3b5d-9c16-7a088812cd93",
        "vendor": {
          "name": "Honeywell"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "12958def-8035-3329-b657-01afa5cffd63",
        "product": {
          "name": "S35 AI Fisheye&Dual Sensor/Micro Dome/Full Color Eyeball&Bullet Camera"
        },
        "product_version": "2024.08.10 <2025.08.22"
      },
      {
        "id": "26f24161-8c4a-331d-94ca-5aa33f186fac",
        "product": {
          "name": "S35 Thermal Camera"
        },
        "product_version": "2024.10.21 <2025.08.26"
      },
      {
        "id": "9852dbda-5b3c-319d-870c-6a1decfd791f",
        "product": {
          "name": "S35 3M/5M/8M/Pinhole/Kit Camera"
        },
        "product_version": "2022.02.28 <2025.08.28"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-12351
honeywell	www.honeywell.com/us/en/product-security

27 Oct 2025 16:04Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.16.8

EPSS0.00031

SSVC