Security cameras are designed to keep commercial facilities safe. However, a newly disclosed critical vulnerability in Hangzhou Xiongmai Technology’s XM530 IP Cameras is putting networks at risk.
Tracked under the alert code ICSA-26-113-05 and officially designated as CVE-2025-65856, this flaw allows cybercriminals to bypass authentication entirely.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert on April 23, 2026, warning organizations worldwide about the severe risk of unauthorized remote access.
The core issue stems from a missing authentication check for a critical function within the camera’s firmware. In simple terms, the device software fails to properly verify if a user has the correct login credentials before granting administrative access.
Because of this oversight, the vulnerability has a maximum CVSS v3 score of 9.8 out of 10, placing it in the critical security threat category.
This flaw specifically affects the XM530V200_X6-WEQ_8M firmware version V5.00.R02.000807D8.10010. 346624.S. ONVIF_21.06.
If successfully exploited, an unauthenticated hacker on the network can seamlessly bypass login screens to view live video feeds, control camera settings, or extract sensitive data directly from the hardware.
Public Exploit Code Available
Security researcher Luis Miranda Acebedo authored and published a working Proof of Concept (PoC) exploit for this vulnerability. CISA discovered this public code and quickly reported it to MITRE for official tracking.
While CISA notes that no active cyberattacks targeting this specific flaw have been reported in the wild yet, the public availability of a PoC significantly raises the threat level.
It provides a blueprint that makes it incredibly easy for bad actors to launch automated attacks.
Since Xiongmai IP cameras are heavily deployed across commercial facilities worldwide, thousands of businesses could be unknowingly exposed to unauthorized surveillance.
Because these Internet of Things (IoT) devices are often placed in sensitive locations, organizations must take immediate defensive action to prevent potential breaches.
CISA recommends that network administrators implement the following protective measures immediately to secure their environments:
Disconnect control system devices from the public internet to completely minimize network exposure.
Place camera networks and remote devices behind strict firewalls to isolate them from internal business networks.
Use secure Virtual Private Networks (VPNs) when remote access to the cameras is necessary.
Update all VPN software to the most current versions to prevent secondary intrusion tactics.
Perform a thorough impact analysis and risk assessment before deploying any new defensive network measures.
Educate staff to avoid clicking suspicious web links or email attachments to prevent related social engineering attacks.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Xiongmai IP Camera Vulnerability Let Attackers Bypass Authentication and have Remote Access appeared first on Cyber Security News.
