CVE-2025-13658 – Industrial Video & Control Longwatch has a Code Injection vulnerability

CVE ID : CVE-2025-13658

Published : Dec. 2, 2025, 7:35 p.m. | 50 minutes ago

Description : A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-13510 – Iskra iHUB and iHUB Lite has a Missing Authentication for Critical Function vulnerabilitiy

CVE-2025-13542 – DesignThemes LMS

CVE-2025-66468 – Aimeos GrapesJS CMS extension possible stores XSS exploitable by authenticated editors

CVE-2025-66460 – Lookyloo vulnerable to XSS due to lack of escaping in HTML elements passed to Datatables