CVE-2025-12915: File Inclusion in 70mai X200
A vulnerability was found in 70mai X200 up to 20251019. It affects unspecified processing in the Init Script Handler component, and manipulation results in file inclusion. The attack requires local access, has a high complexity level, and its exploitability is assessed as difficult. An exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-12915 is a file inclusion vulnerability identified in the 70mai X200 device firmware up to version 20251019. The vulnerability arises from improper handling within the Init Script Handler component, which processes initialization scripts during device startup or configuration. An attacker with local access and high privileges can manipulate this component to include arbitrary files, potentially leading to unauthorized code execution, information disclosure, or system compromise. The attack complexity is high, requiring detailed knowledge of the device internals and local privileged access, but it does not require user interaction. The CVSS v4.0 base score is 7.1, reflecting significant impact on confidentiality, integrity, and availability, with a local attack vector and high attack complexity. The vendor 70mai was contacted early but did not respond or provide a patch, leaving the vulnerability unmitigated at the time of disclosure. No known exploits are currently active in the wild, but the public disclosure increases the risk of future exploitation. This vulnerability is particularly concerning for environments where 70mai X200 devices are deployed in critical roles, such as automotive telematics or IoT ecosystems, where file inclusion can lead to persistent compromise or data leakage.
Potential Impact
For European organizations, the impact of CVE-2025-12915 can be substantial, especially for those relying on 70mai X200 devices in automotive, fleet management, or IoT contexts. Successful exploitation could lead to unauthorized access to sensitive data, manipulation of device behavior, or disruption of services, undermining operational integrity and safety. Confidentiality breaches could expose personal or corporate data, while integrity violations could allow attackers to alter device functions or logs, complicating forensic analysis. Availability could also be affected if the device is rendered unstable or unusable. Given the local access requirement and high complexity, the threat is more likely to originate from insider threats or attackers who have already gained partial access to the environment. However, the public disclosure and absence of vendor remediation increase the risk of exploitation attempts. European organizations with regulatory obligations around data protection and operational security must consider this vulnerability a significant risk.
Mitigation Recommendations
Mitigation should focus on limiting local access to the 70mai X200 devices, enforcing strict access controls and monitoring for unauthorized physical or network access. Organizations should implement robust privilege management to ensure only trusted administrators have high-level access. Network segmentation can reduce the risk of lateral movement to vulnerable devices. Since no official patch is available, consider deploying host-based intrusion detection systems (HIDS) or endpoint detection and response (EDR) solutions to detect anomalous file inclusion or script execution activities. Regularly audit device configurations and logs for signs of tampering. Engage with 70mai or third-party security researchers for potential unofficial patches or workarounds. Finally, plan for device replacement or firmware upgrades once a vendor patch becomes available, and maintain an incident response plan tailored to IoT and automotive device compromises.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-11-08T07:22:26.227Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 690fcfd8932891ff16e907d3
Added to database: 11/8/2025, 11:18:48 PM
Last enriched: 11/8/2025, 11:33:44 PM
Last updated: 11/9/2025, 6:00:07 AM