CVE-2025-64730 is a cross-site scripting (XSS) vulnerability identified in all versions of the Sony Corporation SNC-CX600W network camera. This vulnerability allows an attacker to inject and execute arbitrary scripts within the context of the web browser of any user who accesses the device's web interface. The flaw arises due to insufficient input sanitization or output encoding in the web interface, enabling malicious payloads to be reflected or stored and executed upon user interaction. Exploitation requires the victim to interact with a crafted URL or malicious content served by the device or an attacker-controlled intermediary, as no authentication is required but user interaction is necessary. The CVSS 3.0 base score of 5.2 reflects an attack vector over the adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), scope changed (S:C), and impacts on confidentiality and integrity at a low level (C:L/I:L), with no impact on availability (A:N). The vulnerability could enable attackers to steal session cookies, perform unauthorized actions on behalf of the user, or conduct phishing attacks targeting users of the camera interface. No public exploits or active exploitation have been reported to date. The vulnerability affects all firmware versions of the SNC-CX600W, indicating a need for vendor patching or mitigation measures. The device is commonly used in surveillance and security monitoring, making it a potential target for attackers seeking to compromise physical security systems or gain footholds in networks.

For European organizations, the exploitation of this XSS vulnerability could lead to unauthorized access to the camera's web interface through session hijacking or credential theft, potentially compromising surveillance systems. This could result in loss of confidentiality of video feeds or control over camera functions, undermining physical security. While the vulnerability does not directly impact availability, the integrity of monitoring data could be affected, leading to false alarms or missed detections. Organizations in sectors such as critical infrastructure, transportation, government, and large enterprises using these cameras are at higher risk. The medium severity indicates that while the threat is not immediately critical, it could be leveraged as part of a broader attack chain, especially in targeted attacks or espionage campaigns. The requirement for user interaction limits mass exploitation but does not eliminate risk in environments where users frequently access camera interfaces. The absence of known exploits in the wild reduces immediate urgency but does not preclude future exploitation.

1. Restrict access to the SNC-CX600W web interface by implementing network segmentation and firewall rules to limit access only to authorized personnel and trusted networks. 2. Monitor for and apply firmware updates or patches from Sony Corporation as soon as they become available to address this vulnerability. 3. Employ web application firewalls (WAFs) or intrusion prevention systems (IPS) capable of detecting and blocking XSS payloads targeting the camera interface. 4. Educate users who access the camera interface about the risks of clicking on untrusted links or opening suspicious content related to the cameras. 5. Use strong authentication mechanisms and consider multi-factor authentication if supported by the device to reduce risk from stolen credentials. 6. Regularly audit and monitor logs for unusual access patterns or signs of exploitation attempts. 7. If patching is delayed, consider disabling web interface features that accept user input or restrict browser access to the interface via VPN or secure tunnels. 8. Implement Content Security Policy (CSP) headers if configurable on the device to mitigate the impact of XSS attacks.