Lucene search
+L

Sony Camera SNC-CX600W Cross-Site Request Forgery (CVE-2025-62497)

🗓️ 03 Dec 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 2 Views

CSRF in Sony SNC-CX600W before 2.8.0 allows unintended actions by a logged-in user on crafted pages.

Related
Refs
Code
ReporterTitlePublishedViews
Family
CNNVD
Sony SNC-CX600W 跨站请求伪造漏洞
25 Nov 202500:00
cnnvd
CVE
CVE-2025-62497
25 Nov 202504:37
cve
Cvelist
CVE-2025-62497
25 Nov 202504:37
cvelist
EUVD
EUVD-2025-199538
25 Nov 202504:37
euvd
Japan Vulnerability Notes
Multiple vulnerabilities in SNC-CX600W
25 Nov 202505:59
jvn
NVD
CVE-2025-62497
25 Nov 202505:16
nvd
OSV
CVE-2025-62497
25 Nov 202505:16
osv
Positive Technologies
PT-2025-47985
25 Nov 202500:00
ptsecurity
RedhatCVE
CVE-2025-62497
27 Nov 202516:59
redhatcve
Vulnrichment
CVE-2025-62497
25 Nov 202504:37
vulnrichment
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(504814);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/27");

  script_cve_id("CVE-2025-62497");

  script_name(english:"Sony Camera SNC-CX600W Cross-Site Request Forgery (CVE-2025-62497)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Cross-site request forgery vulnerability exists in SNC-CX600W versions
prior to Ver.2.8.0. If a user accesses a specially crafted webpage
while logged in, unintended operations may be performed.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://jvn.jp/en/jp/JVN75140384/");
  script_set_attribute(attribute:"see_also", value:"https://www.sony.com/electronics/support/ip-cameras-fixed/snc-cx600w");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-62497");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(352);

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/11/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/11/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/12/03");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:sony:snc-cx600w_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Sony");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Sony');

var asset = tenable_ot::assets::get(vendor:'Sony');

var vuln_cpes = {
    "cpe:/o:sony:snc-cx600w_firmware" :
        {"versionEndExcluding" : "2.8.0", "family" : "SonyIPCameras"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

27 Feb 2026 00:00Current
6Medium risk
Vulners AI Score6
CVSS 3.16.5
CVSS 42.1
CVSS 33.1
EPSS0.00096
SSVC
2