CVE-2025-66357 identifies a vulnerability in the CHOCO TEI WATCHER mini (IB-MCT001), a product by Inaba Denki Sangyo Co., Ltd., affecting all versions. The issue stems from an improper check for unusual or exceptional conditions during the device's Video Download feature when it enters a specific communication state. This flaw causes abnormal consumption of system resources, which can lead to denial of service conditions by exhausting CPU, memory, or other critical resources. The vulnerability is remotely exploitable over the network without requiring authentication or user interaction, increasing its risk profile. The CVSS 3.0 base score is 5.3 (medium), reflecting the lack of impact on confidentiality or integrity but a clear impact on availability. No public exploits have been reported yet, and no patches are currently linked, indicating that mitigation options may be limited to detection and containment until vendor fixes are released. The vulnerability could be leveraged by attackers to disrupt video monitoring operations, potentially affecting surveillance or security monitoring reliant on this device. The improper handling of exceptional states suggests a robustness issue in the device's firmware or software stack, which may be triggered by malformed or unexpected network traffic during video download sessions.

For European organizations, the primary impact of CVE-2025-66357 is on availability, as the abnormal resource consumption can lead to denial of service conditions on the affected devices. Organizations relying on CHOCO TEI WATCHER mini for video surveillance or monitoring could experience interruptions in their security operations, potentially creating blind spots or delays in incident detection. This is particularly critical for sectors such as transportation, critical infrastructure, manufacturing, and public safety where continuous video monitoring is essential. Although confidentiality and integrity are not directly impacted, the disruption of availability can indirectly increase risk exposure by delaying response to other security events. The vulnerability’s remote exploitability without authentication means attackers can attempt exploitation from outside the network, increasing the attack surface. The absence of known exploits in the wild currently reduces immediate risk but does not preclude future exploitation. European organizations should consider the operational impact and potential cascading effects on security posture and incident response capabilities.

1. Monitor device resource usage closely to detect abnormal spikes that may indicate exploitation attempts. 2. Implement network segmentation and access controls to restrict exposure of CHOCO TEI WATCHER mini devices to untrusted networks, limiting remote attack vectors. 3. Employ intrusion detection or anomaly detection systems to identify unusual communication states or traffic patterns related to the Video Download feature. 4. Engage with the vendor, Inaba Denki Sangyo Co., Ltd., to obtain patches or firmware updates addressing this vulnerability as soon as they become available. 5. If patching is delayed, consider temporary disabling or restricting the Video Download feature where feasible to reduce attack surface. 6. Maintain up-to-date asset inventories to identify all affected devices within the organization. 7. Conduct regular security assessments and penetration testing focusing on IoT and embedded devices to uncover similar robustness issues. 8. Educate operational technology and security teams about this vulnerability and appropriate incident response procedures.