Cyber Posture

CVE-2025-30123

Critical

Published: 18 March 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (28.8th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Security Summary

CVE-2025-30123, published on 2025-03-18, affects ROADCAM X3 devices through their associated Viidure mobile app APK. The vulnerability stems from hardcoded FTP credentials for the FTPX user account embedded in the APK, classified under CWE-798 (Use of Hard-coded Credentials). It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for high-impact confidentiality, integrity, and availability violations.

Any remote attacker with network access to the device's FTP service can exploit this vulnerability using the exposed credentials; no privileges or user interaction are required, and attack complexity is low. Successful exploitation grants unauthorized access to the device, enabling extraction of sensitive recorded footage stored on it.

References point to a GitHub repository at https://github.com/geo-chen/RoadCam, likely containing related research or proof-of-concept details, and the official ROADCAM X3 installation page at https://roadcam.my/pages/install-x3. No vendor advisories or patch details are specified in the available information.

Details

CWE(s)
CWE-798

MITRE ATT&CK Enterprise Techniques

T1552.001 · Credentials In Files · Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

T1078.003 · Local Accounts · Stealth
Adversaries may obtain and abuse credentials of a local account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

T1133 · External Remote Services · Persistence
Adversaries may leverage external-facing remote services to initially access and/or persist within a network.

T1005 · Data from Local System · Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

The hardcoded credentials embedded in the APK map directly to T1552.001. They enable use of a valid local account (FTPX) through an external remote service (FTP), per T1078.003 and T1133, for unauthorized device access and data extraction, per T1005.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References