CVE-2025-30125: n/a
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All dashcams were shipped with the same default credentials of 12345678, which creates an insecure-by-default condition. For users who change their passwords, it's limited to 8 characters. These short passwords can be cracked in 8 hours via low-end commercial cloud resources.
AI Analysis
Technical Summary
CVE-2025-30125 is a critical vulnerability affecting Marbella KR8s Dashcam FF 2.0.8 devices. These dashcams are shipped with a default password of '12345678' for all units, creating an insecure-by-default condition classified under CWE-798 (Use of Hard-coded Credentials). This means that any attacker with network access to the device can attempt to authenticate using this known default password without any prior knowledge or user interaction. Furthermore, even if users change the default password, the system restricts passwords to a maximum of 8 characters. Due to this limitation, passwords remain vulnerable to brute-force attacks. It has been demonstrated that such 8-character passwords can be cracked within approximately 8 hours using low-end commercial cloud computing resources. The CVSS v3.1 base score of 9.8 reflects the critical nature of this vulnerability, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Exploitation of this vulnerability could allow an attacker to gain unauthorized access to the dashcam, potentially enabling them to manipulate or exfiltrate recorded video footage, disrupt device operation, or use the device as a foothold within a larger network. No patches or fixes have been published at this time, and there are no known exploits in the wild, but the ease of exploitation and severity warrant immediate attention.
Potential Impact
For European organizations, especially those in logistics, transportation, law enforcement, and fleet management sectors that utilize Marbella KR8s Dashcam FF 2.0.8 devices, this vulnerability poses significant risks. Unauthorized access to dashcams can lead to the compromise of sensitive video evidence, which may include personal data protected under GDPR, thereby exposing organizations to regulatory penalties. Attackers could manipulate footage to cover illicit activities or disrupt operations by disabling or corrupting devices. Additionally, compromised dashcams could serve as entry points for lateral movement within corporate networks, increasing the risk of broader cyberattacks. The critical severity and network accessibility mean that attackers can exploit this vulnerability remotely without user interaction, increasing the likelihood of widespread exploitation if the devices are connected to public or poorly secured networks.
Mitigation Recommendations
Organizations should immediately audit their Marbella KR8s Dashcam FF 2.0.8 deployments to identify devices still using the default password '12345678' and enforce password changes. Given the password length limitation, it is crucial to use the most complex 8-character passwords possible, incorporating a mix of uppercase, lowercase, numbers, and special characters to maximize entropy. Network segmentation should be implemented to isolate dashcams from critical infrastructure and limit network exposure. Employing firewall rules to restrict access to dashcam management interfaces only to trusted IP addresses can reduce attack surface. Monitoring network traffic for unusual access patterns to dashcams can help detect attempted exploitation. Until a vendor patch is available, organizations should consider disabling remote management features if feasible. Additionally, engaging with the vendor to demand a firmware update that removes hard-coded credentials and supports stronger password policies is essential for long-term remediation.
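The audit and password guidance above can be scripted. The following is an added example, not code from the vendor or from this advisory: it flags fleet records that still hold the default or a weak or shared password and generates replacement 8-character passwords from a CSPRNG. The function names, the inventory format and the assumption that the device accepts all printable ASCII symbols are illustrative.

```python
import math
import secrets
import string

# Assumption: the device accepts any printable ASCII symbol; verify on a test unit.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
ALPHABET = "".join(CLASSES)      # 94 symbols
MAX_LEN = 8                      # length cap stated in the advisory
DEFAULT_PASSWORD = "12345678"    # shipped default stated in the advisory


def entropy_bits(alphabet_size: int, length: int = MAX_LEN) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def generate_password() -> str:
    """Draw 8 symbols from the CSPRNG; redraw until all four classes appear."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(MAX_LEN))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw


def audit(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Return {device_id: [findings]} for every device with a weak credential."""
    seen: dict[str, str] = {}
    findings: dict[str, list[str]] = {}
    for dev, pw in inventory.items():
        issues = []
        if pw == DEFAULT_PASSWORD:
            issues.append("factory default")
        if len(pw) < MAX_LEN:
            issues.append("shorter than 8")
        used = [cls for cls in CLASSES if any(c in cls for c in pw)]
        if len(used) < len(CLASSES):
            issues.append(f"only {len(used)} of 4 character classes")
        if pw in seen:
            issues.append(f"shared with {seen[pw]}")
        seen.setdefault(pw, dev)
        if issues:
            findings[dev] = issues
    return findings


if __name__ == "__main__":
    # Constructed inventory for illustration; not real devices or credentials.
    fleet = {"cam-01": "12345678", "cam-02": "Summer24", "cam-03": "Summer24"}
    fleet["cam-04"] = generate_password()
    for dev, issues in audit(fleet).items():
        print(dev, "->", ", ".join(issues))
    print(f"digits only: {entropy_bits(10):.1f} bits; full set: {entropy_bits(94):.1f} bits")
```

Even the full 94-symbol set gives only about 52 bits at 8 characters, so unique random passwords reduce the exposure but do not replace the segmentation and access restrictions described above.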
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-03-17T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68878a06ad5a09ad00846122
Added to database: 7/28/2025, 2:32:38 PM
Last enriched: 8/5/2025, 12:55:53 AM
Last updated: 9/8/2025, 8:50:47 AM