SecuriTricks - CVE-2025-12351

Description

Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of this product, service or offering (S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye & Dual Sensor/Micro Dome/Full Color Eyeball & Bullet Camera to version 2025.08.22, S35 Thermal Camera to version 2025.08.26).

Product(s) Impacted

Vendor	Product	Versions
Honeywell	S35 Pinhole Camera S35 Ai Fisheye Dual Sensor Camera S35 Thermal Camera	2025.08.28 2025.08.22 2025.08.26

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	honeywell	s35_pinhole_camera	2025.08.28	/	/	/	/	/	/	/
a	honeywell	s35_ai_fisheye_dual_sensor_camera	2025.08.22	/	/	/	/	/	/	/
a	honeywell	s35_thermal_camera	2025.08.26	/	/	/	/	/	/	/

References

https://www.honeywell.com/us/en/product-security

CVSS Score

6.8 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

View Vector String

Timeline

Published: Oct. 27, 2025, 3:15 p.m.
Last Modified: Oct. 27, 2025, 3:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@honeywell.com

CVE-2025-12351