CVE-2025-64730 is a cross-site scripting (XSS) vulnerability identified in all versions of the Sony Corporation SNC-CX600W IP camera. This vulnerability arises from insufficient input sanitization in the device's web interface, allowing attackers to inject arbitrary scripts that execute in the context of a user's browser when they access the compromised interface. The attack vector is remote and requires the victim to interact with a maliciously crafted URL or web page that triggers the XSS payload. No authentication is required to exploit this vulnerability, but user interaction is necessary, such as clicking a link or visiting a malicious page. The vulnerability impacts the confidentiality and integrity of the user session by potentially enabling theft of cookies, session tokens, or other sensitive information, as well as enabling actions on behalf of the user. However, it does not affect the availability of the device. The CVSS v3.0 base score is 5.2, indicating medium severity, with attack vector being adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), scope changed (S:C), and low impact on confidentiality and integrity (C:L, I:L), and no impact on availability (A:N). There are no known exploits in the wild at the time of publication, and no patches have been linked yet. The vulnerability was published on November 25, 2025, by JPCERT. The SNC-CX600W is commonly used in surveillance and security monitoring, which makes this vulnerability relevant for organizations relying on these devices for physical security.

For European organizations, exploitation of this XSS vulnerability could lead to unauthorized access to user sessions, theft of credentials, or execution of malicious scripts within the context of the device's web interface. This could facilitate further attacks such as lateral movement within networks, data exfiltration, or manipulation of camera feeds. Organizations using these cameras in sensitive environments—such as government facilities, critical infrastructure, or corporate offices—may face increased risk of espionage or sabotage. The impact is primarily on confidentiality and integrity of user interactions with the device. Since the vulnerability requires user interaction and is limited to adjacent network access, the risk is somewhat contained but still significant in environments where users frequently access these devices' web interfaces. The lack of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time. The medium severity rating suggests that while not critical, the vulnerability should be addressed promptly to avoid potential compromise.

1. Monitor Sony’s official channels for patches or firmware updates addressing CVE-2025-64730 and apply them immediately upon release. 2. Restrict access to the SNC-CX600W web interface to trusted networks only, using network segmentation and firewall rules to limit exposure. 3. Implement strong authentication and access controls on the device to reduce the likelihood of unauthorized access. 4. Employ web application firewalls (WAFs) or reverse proxies with input validation capabilities to detect and block malicious script injections targeting the camera’s interface. 5. Educate users about the risks of clicking on unknown or suspicious links related to device management interfaces. 6. Regularly audit and monitor network traffic and device logs for unusual activity that could indicate exploitation attempts. 7. Consider disabling web interface access if not required or replacing vulnerable devices with models that have secure coding practices and active vendor support.