{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12636", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2025-11-03T15:33:59.314Z", "datePublished": "2025-11-06T22:15:01.130Z", "dateUpdated": "2026-01-28T16:06:41.083Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Ubox Android", "vendor": "Ubia", "versions": [{"lessThan": "January 15, 2026", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Ubox IOS", "vendor": "Ubia", "versions": [{"lessThan": "January 15, 2026", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Milos C. reported this vulnerability to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The Ubia camera ecosystem fails to adequately secure API credentials, \npotentially enabling an attacker to connect to backend services. The \nattacker would then be able to gain unauthorized access to available \ncameras, enabling the viewing of live feeds or modification of settings."}], "value": "The Ubia camera ecosystem fails to adequately secure API credentials, \npotentially enabling an attacker to connect to backend services. The \nattacker would then be able to gain unauthorized access to available \ncameras, enabling the viewing of live feeds or modification of settings."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.1, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "description": "CWE-522", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-01-28T16:06:41.083Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-02"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-02.json"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Ubia reports that the vulnerability has been resolved through a backend fix, and no user action is required to apply the patch.<br><br>However, users running older versions of the application may experience reduced functionality. To ensure full compatibility, Ubia recommends updating to at least the following versions or newer:<br><br>* Ubox Android: Version 1.1.306<br>* Ubox IOS: Version 1.1.90<br>"}], "value": "Ubia reports that the vulnerability has been resolved through a backend fix, and no user action is required to apply the patch.\n\nHowever, users running older versions of the application may experience reduced functionality. To ensure full compatibility, Ubia recommends updating to at least the following versions or newer:\n\n* Ubox Android: Version 1.1.306\n* Ubox IOS: Version 1.1.90"}], "source": {"advisory": "ICSA-25-310-02", "discovery": "EXTERNAL"}, "title": "Ubia Ubox", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-07T13:24:02.909794Z", "id": "CVE-2025-12636", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-07T13:24:09.996Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12636", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-07T13:24:02.909794Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-07T13:24:07.073Z"}}], "cna": {"title": "Ubia Ubox", "source": {"advisory": "ICSA-25-310-02", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Milos C. reported this vulnerability to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Ubia", "product": "Ubox Android", "versions": [{"status": "affected", "version": "0", "lessThan": "January 15, 2026", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Ubia", "product": "Ubox IOS", "versions": [{"status": "affected", "version": "0", "lessThan": "January 15, 2026", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Ubia reports that the vulnerability has been resolved through a backend fix, and no user action is required to apply the patch.\n\nHowever, users running older versions of the application may experience reduced functionality. To ensure full compatibility, Ubia recommends updating to at least the following versions or newer:\n\n* Ubox Android: Version 1.1.306\n* Ubox IOS: Version 1.1.90", "supportingMedia": [{"type": "text/html", "value": "Ubia reports that the vulnerability has been resolved through a backend fix, and no user action is required to apply the patch.<br><br>However, users running older versions of the application may experience reduced functionality. To ensure full compatibility, Ubia recommends updating to at least the following versions or newer:<br><br>* Ubox Android: Version 1.1.306<br>* Ubox IOS: Version 1.1.90<br>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-02"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-02.json"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "The Ubia camera ecosystem fails to adequately secure API credentials, \npotentially enabling an attacker to connect to backend services. The \nattacker would then be able to gain unauthorized access to available \ncameras, enabling the viewing of live feeds or modification of settings.", "supportingMedia": [{"type": "text/html", "value": "The Ubia camera ecosystem fails to adequately secure API credentials, \npotentially enabling an attacker to connect to backend services. The \nattacker would then be able to gain unauthorized access to available \ncameras, enabling the viewing of live feeds or modification of settings.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-01-28T16:06:41.083Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12636", "state": "PUBLISHED", "dateUpdated": "2026-01-28T16:06:41.083Z", "dateReserved": "2025-11-03T15:33:59.314Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2025-11-06T22:15:01.130Z", "assignerShortName": "icscert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Ubia camera ecosystem fails to adequately secure API credentials, \npotentially enabling an attacker to connect to backend services. The \nattacker would then be able to gain unauthorized access to available \ncameras, enabling the viewing of live feeds or modification of settings."}], "id": "CVE-2025-12636", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2025-11-06T23:15:35.693", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-02.json"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}

{"created": "2025-11-07T10:54:08.960701+00:00", "updated": "2025-11-07T10:54:08.960735+00:00", "vendors": ["ubia", "ubia$PRODUCT$ubox"]}