CVE-2025-63667

Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92-20241120, ASECAM v1.14.10-20240725 allows attackers to access sensitive API endpoints without authentication.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/Remenis/CVE-2025-63667	Mitigation Third Party Advisory
https://github.com/Remenis/Vatilon_evidence/releases/download/Evidence/Vatilon_vulnerability_evidence_2025.zip	Broken Link
https://vatilon.com/

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:simicam:ip_camera_firmware:1.16.41:*:*:*:*:*:*:*

cpe:2.3:h:simicam:ip_camera:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:keview:ip_camera_firmware:1.14.92:*:*:*:*:*:*:*

cpe:2.3:h:keview:ip_camera:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:asecam:ip_camera_firmware:1.14.10:*:*:*:*:*:*:*

cpe:2.3:h:asecam:ip_camera:-:*:*:*:*:*:*:*

History

05 Jan 2026, 18:15

Type	Values Removed	Values Added
References		() https://vatilon.com/ -
References	~~() https://github.com/Remenis/CVE-2025-63667 - Third Party Advisory, Mitigation~~	() https://github.com/Remenis/CVE-2025-63667 - Mitigation, Third Party Advisory

02 Jan 2026, 20:59

Type	Values Removed	Values Added
CPE		cpe:2.3:h:asecam:ip_camera:-:::::::* cpe:2.3:o:simicam:ip_camera_firmware:1.16.41:::::::* cpe:2.3:h:simicam:ip_camera:-:::::::* cpe:2.3:o:keview:ip_camera_firmware:1.14.92:::::::* cpe:2.3:h:keview:ip_camera:-:::::::* cpe:2.3:o:asecam:ip_camera_firmware:1.14.10:::::::*
References	~~() https://github.com/Remenis/CVE-2025-63667 -~~	() https://github.com/Remenis/CVE-2025-63667 - Third Party Advisory, Mitigation
References	~~() https://github.com/Remenis/Vatilon_evidence/releases/download/Evidence/Vatilon_vulnerability_evidence_2025.zip -~~	() https://github.com/Remenis/Vatilon_evidence/releases/download/Evidence/Vatilon_vulnerability_evidence_2025.zip - Broken Link
First Time		Asecam ip Camera Firmware Keview ip Camera Firmware Simicam ip Camera Simicam ip Camera Firmware Asecam Keview ip Camera Keview Asecam ip Camera Simicam

12 Nov 2025, 21:15

Type	Values Removed	Values Added
CWE		CWE-284
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

12 Nov 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-11-12 15:15

Updated : 2026-01-05 18:15

NVD link : CVE-2025-63667

Mitre link : CVE-2025-63667

CVE.ORG link : CVE-2025-63667

JSON object : View

Products Affected

simicam

ip_camera
ip_camera_firmware

asecam

ip_camera
ip_camera_firmware

keview

ip_camera_firmware
ip_camera

CWE

CWE-284

Improper Access Control

7.5 /10