How severe is CVE-2025-66051?

CVE-2025-66051 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2025-66051

Name: ip7137
Author: vivotek

6.5MEDIUM

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request

Veröffentlicht: 1/9/2026Aktualisiert: 1/14/2026

Beschreibung

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request. Due to CVE-2025-66050, a password for administration panel is not set by default. The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.

KI-AnalyseKI-gestützt

Betroffene Produkte

vivotekip7137_firmware

0200a

vivotekip7137

Referenzen

https://cert.pl/posts/2026/01/CVE-2025-66049
Third Party Advisory