CVE-2025-25680

Summary

CVE-2025-25680 is a remote code execution (RCE) vulnerability affecting the LSC Indoor PTZ Camera with version 7.6.32. The issue lies in the tuya_ipc_direct_connect function of the anyka_ipc process. An attacker can exploit this vulnerability by presenting the camera with a maliciously crafted QR code during the Wi-Fi configuration process, allowing arbitrary code execution on the device. Successful exploitation may result in unauthorized access or unintended functionality, posing a potential threat to network security. Users are advised to update their camera firmware to the latest version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.