CVE-2025-30124: n/a

Unknown
Published: Mon Jul 28 2025 (07/28/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the existing password is written onto the SD card in cleartext automatically. An attacker with temporary access to the dashcam can switch the SD card to steal this password.

AI-Powered Analysis

Last updated: 07/28/2025, 14:33:10 UTC

Technical Analysis

CVE-2025-30124 is a security vulnerability identified in the Marbella KR8s Dashcam FF version 2.0.8. The issue arises when a new SD card is inserted into the dashcam device: the device automatically writes the existing user password onto the SD card in cleartext without any encryption or protection. This behavior exposes the password to anyone who gains temporary physical access to the dashcam and can swap the SD card. An attacker can then retrieve the SD card and extract the password, potentially gaining unauthorized access to the dashcam or associated systems. The vulnerability stems from insecure handling of sensitive credentials and improper data storage practices within the device firmware. Since the password is stored in plaintext on removable media, it bypasses typical network-based protections and requires only brief physical access to exploit. There is no indication that this vulnerability requires user interaction beyond physical access, nor that authentication is needed to trigger the password writing process. No patches or fixes have been published yet, and no known exploits are currently reported in the wild. The vulnerability was reserved in March 2025 and published in July 2025, with no CVSS score assigned at this time.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for entities that deploy Marbella KR8s Dashcams in fleet vehicles, security surveillance, or transportation monitoring. The exposure of passwords in plaintext could lead to unauthorized access to dashcam footage, tampering with recorded data, or manipulation of device settings. This could compromise the integrity and confidentiality of video evidence, which is critical for law enforcement, insurance claims, and corporate security. Additionally, if the dashcams are integrated into broader IoT or vehicle networks, the attacker could leverage the compromised credentials to pivot into other connected systems, amplifying the impact. The requirement for physical access limits remote exploitation, but insider threats or opportunistic attackers with brief access could still cause damage. The loss of data confidentiality and the potential disruption to the availability of dashcam services could affect operational continuity and legal compliance for European organizations relying on these devices.

Mitigation Recommendations

Organizations should immediately inventory their deployment of Marbella KR8s Dashcam FF 2.0.8 devices and restrict physical access to these devices to trusted personnel only. Until a vendor patch is available, consider disabling automatic SD card insertion if possible or using SD cards with tamper-evident seals to detect unauthorized swaps. Implement strict access controls and monitoring around vehicles or locations where dashcams are installed. If feasible, replace affected dashcams with alternative models that do not exhibit this vulnerability. Additionally, organizations should monitor for any firmware updates or security advisories from the vendor and apply patches promptly once released. Training staff to recognize the risk of physical tampering and enforcing policies for secure handling of removable media will further reduce exposure. Forensic analysis of SD cards removed from devices should be conducted cautiously to avoid leaking sensitive credentials.
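One way to check whether a unit in your own fleet exhibits the behaviour described above: set a known password, insert a fresh card, then scan the mounted card for that password. This is an added example, not vendor or advisory code; the advisory does not name the file or encoding the firmware uses, so the script assumes UTF-8 or UTF-16LE and searches every file, and the file names inside `demo()` are constructed.

```python
import os, tempfile
from pathlib import Path

def patterns(password):
    """Byte forms to look for; which encoding the firmware uses is an assumption."""
    if not password:
        raise ValueError("password must be non-empty")
    return {"utf-8": password.encode("utf-8"), "utf-16le": password.encode("utf-16-le")}

def scan_file(path, pats, chunk=1 << 20):
    """Return sorted (encoding, offset) hits, reading in chunks so large video files are not loaded whole."""
    keep = max(len(p) for p in pats.values()) - 1   # overlap carried across chunk boundaries
    hits, tail, base = set(), b"", 0                # base = file offset of buf[0]
    with open(path, "rb") as fh:
        while True:
            data = fh.read(chunk)
            if not data:
                break
            buf = tail + data
            for enc, pat in pats.items():
                i = buf.find(pat)
                while i != -1:
                    hits.add((enc, base + i))       # set() dedupes matches seen twice via the overlap
                    i = buf.find(pat, i + 1)
            cut = max(0, len(buf) - keep)
            tail, base = buf[cut:], base + cut
    return sorted(hits)

def scan_card(mount, password, chunk=1 << 20):
    """Walk a mounted card; report (relative path, encoding, offset), never the secret itself."""
    pats, found = patterns(password), []
    for root, _dirs, files in os.walk(mount):
        for name in files:
            p = Path(root) / name
            for enc, off in scan_file(p, pats, chunk):
                found.append((p.relative_to(mount).as_posix(), enc, off))
    return sorted(found)

def demo():
    """Constructed card contents: file names and layout are invented for the example."""
    secret = "Test-Only-Pw-123"                      # constructed test credential
    with tempfile.TemporaryDirectory() as d:
        card = Path(d)
        (card / "DCIM").mkdir()
        (card / "DCIM" / "clip0001.bin").write_bytes(b"\x00" * 4096)
        (card / "settings.txt").write_bytes(b"ssid=cam\npass=" + secret.encode() + b"\n")
        return scan_card(card, secret, chunk=8)      # tiny chunk exercises the boundary logic

if __name__ == "__main__":
    for path, enc, off in demo():
        print(f"cleartext credential found: {path} ({enc}) at byte {off}")
```

Any hit means the card should be treated as credential-bearing media: rotate the device password and handle the card accordingly.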

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-03-17T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68878682ad5a09ad00842ff1

Added to database: 7/28/2025, 2:17:38 PM

Last enriched: 7/28/2025, 2:33:10 PM

Last updated: 7/29/2025, 9:18:47 AM
