
CVE-2025-6532: Improper Access Controls in NOYAFA LF9 Pro

Severity: Medium
Published: Tue Jun 24 2025 (06/24/2025, 00:00:08 UTC)
Source: CVE Database V5
Vendor/Project: NOYAFA
Product: LF9 Pro

Description

A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. This dashcam is distributed by multiple resellers and under different names.

AI-Powered Analysis

AI analysis last updated: 06/24/2025, 00:25:00 UTC

Technical Analysis

CVE-2025-6532 is a medium-severity vulnerability affecting the NOYAFA LF9 Pro dashcam, located in an unknown functionality of the RTSP (Real Time Streaming Protocol) Live Video Stream Endpoint component. The vulnerability arises from improper access controls, allowing an attacker on the local network to access the video stream or related functions without authorization. The flaw requires neither authentication nor user interaction, and the attack vector is limited to local network access, meaning remote exploitation over the internet is not feasible without prior network access. The CVSS 4.0 vector indicates low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and a low impact on confidentiality (VC:L) with no impact on integrity or availability. The vulnerability was publicly disclosed on June 24, 2025; while no exploitation in the wild has been observed so far, the public disclosure increases the risk of exploitation by local attackers. The dashcam is distributed under multiple reseller brands, which may complicate patch deployment and vulnerability management. No patches or mitigation links had been provided at the time of disclosure.

Potential Impact

For European organizations, the impact of this vulnerability is primarily related to privacy and confidentiality risks. Dashcams like the NOYAFA LF9 Pro are often used in fleet management, logistics, transportation services, and by private individuals. Unauthorized access to live video streams could lead to exposure of sensitive operational details, vehicle locations, or personal data, potentially violating GDPR regulations. While the vulnerability does not affect system integrity or availability, the confidentiality breach could be exploited for corporate espionage, stalking, or other malicious activities. The local network attack vector limits the threat to environments where the attacker has physical or network proximity, such as compromised internal networks, guest Wi-Fi, or insider threats. Organizations with large vehicle fleets or those relying on these dashcams for security and monitoring should be particularly cautious, as attackers could leverage this vulnerability to gain unauthorized surveillance capabilities.

Mitigation Recommendations

Given the lack of official patches, European organizations should implement network segmentation to isolate dashcams from general corporate networks, restricting access to trusted devices only. Deploy VLANs or dedicated subnets for IoT and vehicle devices, enforcing strict firewall rules to block unauthorized local network access to RTSP endpoints. Regularly audit network traffic for unusual RTSP connection attempts. Where possible, disable RTSP streaming if not required or replace devices with models that have verified secure access controls. Additionally, enforce strong Wi-Fi security protocols (WPA3 preferred) to prevent unauthorized local network access. Organizations should engage with NOYAFA or resellers to obtain firmware updates or security advisories. Finally, educate staff about the risks of connecting unknown devices to internal networks and monitor for insider threats that could exploit local network access.
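The traffic audit recommended above, as an added example that is not part of this advisory: a small Python detector that reads Zeek-style conn.log records and flags RTSP connections toward a dashcam subnet from hosts outside an allow-list, separating completed handshakes (the RTSP port was reachable) from unanswered attempts. The dashcam subnet, the allowed monitoring host, the RTSP ports (554 and the common alternate 8554) and the log lines are all constructed assumptions.

```python
import ipaddress
from collections import Counter

RTSP_PORTS = {554, 8554}                                  # default/alternate RTSP ports (assumed)
DASHCAM_NET = ipaddress.ip_network("10.20.30.0/24")       # constructed dashcam/IoT VLAN
ALLOWED_CLIENTS = {ipaddress.ip_address("10.20.1.10")}    # constructed monitoring host

# Constructed sample in a simplified Zeek-style conn.log layout (tab-separated):
# ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, conn_state
SAMPLE_LOG = """\
1750723200.1\t10.20.1.10\t51000\t10.20.30.5\t554\ttcp\tSF
1750723201.4\t192.168.50.77\t40212\t10.20.30.5\t554\ttcp\tS0
1750723202.0\t192.168.50.77\t40213\t10.20.30.5\t554\ttcp\tSF
1750723203.3\t10.20.1.10\t51001\t10.20.30.6\t80\ttcp\tSF
1750723204.9\t192.168.50.78\t40300\t10.20.30.7\t8554\ttcp\tSF
"""

def parse_line(line):
    """Split one tab-separated record into typed fields."""
    ts, src, sport, dst, dport, proto, state = line.split("\t")
    return {"ts": float(ts), "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst), "dport": int(dport),
            "proto": proto, "state": state}

def is_unauthorized_rtsp(rec):
    """RTSP toward the dashcam subnet from a host that is not allow-listed."""
    return (rec["proto"] == "tcp" and rec["dport"] in RTSP_PORTS
            and rec["dst"] in DASHCAM_NET and rec["src"] not in ALLOWED_CLIENTS)

def find_unauthorized_rtsp(log_text):
    """Return (alerts, attempts per source, number of completed handshakes)."""
    alerts = [r for r in map(parse_line, log_text.splitlines())
              if is_unauthorized_rtsp(r)]
    per_source = Counter(str(r["src"]) for r in alerts)
    # Zeek conn_state "SF" = full handshake, i.e. the RTSP port answered;
    # "S0" = SYN without reply (blocked by the firewall or no listener).
    established = sum(1 for r in alerts if r["state"] == "SF")
    return alerts, per_source, established

if __name__ == "__main__":
    alerts, per_source, established = find_unauthorized_rtsp(SAMPLE_LOG)
    for r in alerts:
        print(f"{r['ts']:.1f} {r['src']} -> {r['dst']}:{r['dport']} state={r['state']}")
    print("attempts per source:", dict(per_source), "| port reachable:", established)
```

Completed handshakes from unlisted hosts indicate the segmentation or firewall rule is not in place; unanswered attempts still show who is probing the dashcam VLAN.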


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-06-23T14:21:33.110Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6859ecc2dec26fc862d8b656

Added to database: 6/24/2025, 12:09:38 AM

Last enriched: 6/24/2025, 12:25:00 AM

Last updated: 6/24/2025, 12:25:00 AM
