CVE-2025-12915 is a file inclusion vulnerability identified in the 70mai X200 device firmware up to version 20251019. The vulnerability stems from insecure processing within the Init Script Handler component, which improperly handles file references, enabling an attacker to include arbitrary files on the device. This can lead to unauthorized disclosure or modification of sensitive files, potentially compromising device integrity and confidentiality. Exploitation requires local access with high privileges, indicating that an attacker must already have significant control or physical access to the device. The attack complexity is high, meaning it is difficult to execute successfully. No user interaction is needed, and the vulnerability does not require network access, limiting remote exploitation. The CVSS 4.0 base score is 7.1, reflecting high severity due to the impact on confidentiality, integrity, and availability, combined with the difficulty of exploitation. Although an exploit has been publicly disclosed, there are no reports of active exploitation in the wild. The vendor 70mai has not responded to early disclosure attempts, and no patches are currently available. This vulnerability primarily affects environments where the 70mai X200 device is deployed, such as automotive dashcams or fleet management systems, where local attackers could leverage this flaw to escalate privileges or manipulate device behavior.

For European organizations, especially those in automotive, logistics, and fleet management sectors using 70mai X200 devices, this vulnerability poses significant risks. Successful exploitation could lead to unauthorized access to sensitive data stored on the device, manipulation of device configurations, or disruption of device functionality, impacting operational integrity. Confidentiality breaches could expose location data or recorded footage, raising privacy concerns under GDPR. Integrity compromises might allow attackers to alter logs or disable security features, undermining trust in device data. Availability impacts are less likely but possible if the device is rendered inoperable. The requirement for local high-privilege access limits the threat to insiders or attackers with physical access, but insider threats or compromised endpoints could exploit this. The lack of vendor response and patches increases exposure duration, necessitating proactive defensive measures. Organizations relying on these devices should consider the potential for targeted attacks, especially in high-value or sensitive operational contexts.

1. Restrict physical and local access to 70mai X200 devices to trusted personnel only, employing strict access controls and monitoring. 2. Implement network segmentation to isolate devices and limit lateral movement if local access is gained. 3. Monitor device logs and behavior for anomalies indicative of exploitation attempts, such as unexpected file access or script executions. 4. Employ endpoint security solutions on connected systems to detect and prevent privilege escalation or unauthorized local access. 5. Engage with 70mai or authorized vendors to obtain firmware updates or patches as soon as they become available. 6. If patching is not immediately possible, consider disabling or restricting the Init Script Handler component if feasible, or deploying compensating controls such as application whitelisting. 7. Conduct regular security audits and penetration tests focusing on local access vectors to identify and remediate weaknesses. 8. Educate staff on the risks of local device tampering and enforce policies to prevent unauthorized device use or modification.