CVE-2025-12351

Published: Oct 27, 2025

Modified: Oct 27, 2025

PUBLISHED

CVSS v3.1

6.8

MEDIUM

Description

Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of this product, service or offering (S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye & Dual Sensor/Micro Dome/Full Color Eyeball & Bullet Camera to version 2025.08.22, S35 Thermal Camera to version 2025.08.26).

Vendor	Product	Versions
Honeywell	S35 3M/5M/8M/Pinhole/Kit Camera	affected `2022.02.28 - < 2025.08.28`
Honeywell	S35 AI Fisheye&Dual Sensor/Micro Dome/Full Color Eyeball&Bullet Camera	affected `2024.08.10 - < 2025.08.22`
Honeywell	S35 Thermal Camera	affected `2024.10.21 - < 2025.08.26`

Weaknesses (CWE)

CWE-639

CWE-668

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

References

https://www.honeywell.com/us/en/product-security

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-12351

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References