
CVE-2025-35452: CWE-798 Use of Hard-coded Credentials in PTZOptics PT12X-SE-xx-G3

Critical
Type: Vulnerability
Tags: CVE-2025-35452, cve, cve-2025-35452, cwe-798, cwe-1392
Published: Fri Sep 05 2025 (09/05/2025, 17:49:02 UTC)
Source: CVE Database V5
Vendor/Project: PTZOptics
Product: PT12X-SE-xx-G3

Description

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.

AI-Powered Analysis

Last updated: 09/05/2025, 19:05:51 UTC

Technical Analysis

CVE-2025-35452 is a critical security vulnerability identified in the PTZOptics PT12X-SE-xx-G3 pan-tilt-zoom (PTZ) cameras, which are based on ValueHD technology. The vulnerability arises from the use of hard-coded, default administrative credentials embedded within the device's firmware. These credentials are shared across multiple devices and cannot be changed by the end user, leading to a significant security risk. Because the administrative web interface is accessible over the network and is protected only by these default credentials, an attacker who knows them can remotely gain full administrative control over the camera without any user interaction or prior privileges. The CVSS v3.1 base score of 9.8 reflects the critical nature of this vulnerability, with an attack vector that is network-based (AV:N), requiring no privileges (PR:N) or user interaction (UI:N), and resulting in high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Exploitation of this vulnerability could allow an attacker to manipulate camera settings, intercept video streams, disable surveillance, or use the device as a foothold for further network intrusion. Although no known exploits are currently reported in the wild, the ease of exploitation and the severity of impact make this a pressing security concern for organizations deploying these cameras. The lack of available patches or firmware updates further exacerbates the risk, necessitating immediate mitigation actions.

Potential Impact

For European organizations, especially those relying on PTZOptics PT12X-SE-xx-G3 cameras for physical security, this vulnerability poses a severe threat. Compromise of these cameras could lead to unauthorized surveillance, loss of privacy, and exposure of sensitive video feeds, potentially violating GDPR and other data protection regulations. Attackers gaining control over these devices could disrupt security monitoring, enabling physical breaches or espionage. Additionally, compromised cameras could be leveraged as entry points into corporate networks, facilitating lateral movement and data exfiltration. Critical infrastructure, government facilities, educational institutions, and enterprises using these cameras are at heightened risk. The impact extends beyond confidentiality to integrity and availability, as attackers could alter camera configurations or disable devices entirely, undermining security operations. Given the high CVSS score and network accessibility, the threat is significant and demands urgent attention to prevent exploitation within European environments.

Mitigation Recommendations

Since no official patches or firmware updates are currently available, European organizations should implement immediate compensating controls. First, isolate PTZOptics PT12X-SE-xx-G3 cameras on dedicated network segments or VLANs with strict access controls to limit exposure. Employ network-level authentication mechanisms such as VPNs or IP whitelisting to restrict access to the camera management interface. Disable or block remote administrative access from untrusted networks, including the internet. Monitor network traffic for unusual activity related to these devices and implement intrusion detection systems tuned to detect attempts to exploit default credentials. Where possible, replace affected cameras with models that allow credential customization or have been verified as secure. Additionally, conduct regular security audits and asset inventories to identify all affected devices within the organization. Educate security and IT teams about the risks associated with hard-coded credentials and enforce policies to avoid deploying devices with such vulnerabilities in the future.
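
One way to check that the segmentation and allowlisting controls above actually hold, as an added example (not part of the original advisory or any vendor tooling): a flow-log audit that flags admin web interface traffic from outside the management allowlist and camera-initiated traffic leaving the camera segment. The log format, IP addresses, ports and names are constructed assumptions.

```python
import ipaddress

# Constructed inventory and policy (documentation ranges, not from the advisory).
CAMERAS = {ipaddress.ip_address(a) for a in ("192.0.2.10", "192.0.2.11")}
MGMT_ALLOW = [ipaddress.ip_network(n) for n in ("198.51.100.0/28",)]
CAMERA_VLAN = ipaddress.ip_network("192.0.2.0/24")
WEB_PORTS = {80, 443}  # assumed ports for the admin web interface

# Constructed flow records: "timestamp src_ip dst_ip dst_port action"
SAMPLE_FLOWS = """\
2025-09-05T18:00:01Z 198.51.100.5 192.0.2.10 80 ACCEPT
2025-09-05T18:02:13Z 203.0.113.77 192.0.2.10 80 ACCEPT
2025-09-05T18:02:40Z 203.0.113.77 192.0.2.11 443 DROP
2025-09-05T18:05:09Z 192.0.2.10 203.0.113.77 8443 ACCEPT
2025-09-05T18:06:00Z 192.0.2.11 192.0.2.1 123 ACCEPT
malformed line
"""

def audit_flows(text):
    """Return (timestamp, finding, src, dst, port) tuples for policy violations."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records rather than abort the audit
        ts, src_s, dst_s, port_s, action = parts
        try:
            src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
            port = int(port_s)
        except ValueError:
            continue
        allowed_src = any(src in net for net in MGMT_ALLOW)
        if dst in CAMERAS and port in WEB_PORTS and not allowed_src:
            # ACCEPT means the segmentation rule is missing; DROP means it held.
            kind = "admin-ui-exposed" if action == "ACCEPT" else "admin-ui-probe-blocked"
            findings.append((ts, kind, src_s, dst_s, port))
        elif src in CAMERAS and dst not in CAMERA_VLAN and action == "ACCEPT":
            # A camera initiating traffic off its segment may indicate a foothold.
            findings.append((ts, "camera-egress", src_s, dst_s, port))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

An "admin-ui-exposed" finding means the firewall accepted a connection that the allowlist should have blocked, so the rule set needs correcting before the alert is triaged.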


Technical Details

Data Version: 5.1
Assigner Short Name: cisa-cg
Date Reserved: 2025-04-15T20:57:14.282Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 68bb347efe6d142709f02386

Added to database: 9/5/2025, 7:05:34 PM

Last enriched: 9/5/2025, 7:05:51 PM

Last updated: 9/5/2025, 8:04:45 PM
