CVE-2025-13658 is a critical vulnerability classified under CWE-94 (Improper Control of Generation of Code), affecting Industrial Video & Control's Longwatch device, specifically version 6.309. The flaw arises from an exposed HTTP GET endpoint that lacks proper authentication and code execution controls, including the absence of code signing mechanisms. This allows an unauthenticated remote attacker to inject and execute arbitrary code on the device with SYSTEM-level privileges, effectively granting full control over the affected system. The vulnerability's CVSS 4.0 score is 9.3, reflecting its critical nature with network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact metrics for confidentiality, integrity, and availability are all high, indicating that exploitation can lead to complete compromise of the device and potentially the broader industrial control environment it supports. Longwatch devices are commonly deployed in industrial automation and critical infrastructure monitoring, making this vulnerability particularly dangerous. No patches or exploit code are currently publicly available, but the lack of authentication and code execution controls makes exploitation straightforward for attackers who can reach the device's network interface. The vulnerability was published on December 2, 2025, with the initial reservation on November 25, 2025, by ICS-CERT, underscoring its relevance to industrial cybersecurity. Due to the critical privileges gained and the device's role in industrial environments, exploitation could lead to severe operational disruptions, data breaches, or sabotage.

For European organizations, especially those operating in industrial automation, manufacturing, energy, and critical infrastructure sectors, this vulnerability poses a severe risk. Exploitation can lead to full system compromise of Longwatch devices, enabling attackers to manipulate industrial processes, disrupt monitoring and control functions, or pivot to other network segments. This could result in operational downtime, safety hazards, data theft, or sabotage of critical services. The SYSTEM-level access granted by the exploit means attackers can disable security controls, install persistent malware, or exfiltrate sensitive operational data. Given Europe's reliance on industrial control systems and the strategic importance of sectors like energy and manufacturing, successful exploitation could have cascading effects on supply chains and national infrastructure resilience. Additionally, regulatory frameworks such as NIS2 and GDPR impose strict requirements on cybersecurity and incident reporting, increasing the compliance risks associated with this vulnerability.

1. Immediately isolate Longwatch devices from public or untrusted networks by implementing strict network segmentation and access controls, ensuring only authorized management networks can reach these devices. 2. Employ firewall rules to block all unnecessary inbound traffic to Longwatch devices, particularly HTTP GET requests to the exposed endpoint. 3. Monitor network traffic for unusual or unauthorized HTTP requests targeting Longwatch devices to detect potential exploitation attempts early. 4. Coordinate with Industrial Video & Control for timely release and deployment of security patches or firmware updates addressing this vulnerability. 5. Implement application-layer gateways or reverse proxies that can enforce authentication and input validation before requests reach the device. 6. Conduct thorough audits of all Longwatch devices to identify affected versions and replace or upgrade devices running vulnerable firmware. 7. Enhance incident response capabilities with specific playbooks for industrial control system compromises, including containment and recovery procedures. 8. Educate operational technology (OT) personnel about the risks and signs of exploitation to improve detection and response times.