The vulnerability CVE-2025-69988 affects BS Producten Petcam version 33.1.0.0818 and is classified as an incorrect access control issue. The camera exposes an open wireless network interface that does not require authentication, allowing any attacker within physical range to associate with it. Upon connection, the attacker gains access to the camera's private network interface, enabling them to intercept sensitive information including live video and audio streams. This bypasses any intended security controls, as no credentials or user interaction are required. The CVSS 3.1 base score is 6.5, reflecting medium severity, with attack vector being adjacent network (physical proximity), low attack complexity, no privileges or user interaction needed, and high confidentiality impact. The vulnerability compromises confidentiality but does not affect integrity or availability. No patches or mitigations have been officially released, and no exploits are known in the wild. The exposure of live feeds can lead to privacy violations, unauthorized surveillance, and potential further attacks leveraging the camera's network access.

The primary impact of this vulnerability is the unauthorized disclosure of sensitive live video and audio streams, which can severely compromise user privacy and security. Organizations using these cameras in sensitive environments—such as corporate offices, healthcare facilities, or critical infrastructure—face risks of espionage, data leakage, and surveillance. Attackers could monitor activities, gather intelligence, or use the camera as a foothold for lateral movement within the network if other vulnerabilities exist. Although the attack requires physical proximity, the open network interface significantly lowers the barrier to exploitation. The lack of authentication means that any nearby attacker can exploit this without sophisticated tools or credentials. This could lead to reputational damage, regulatory non-compliance (especially under privacy laws), and potential legal consequences for organizations failing to secure their devices.

To mitigate this vulnerability, organizations should immediately restrict physical access to the cameras to trusted personnel only. Disable or secure any open wireless interfaces on the affected Petcam devices, ideally by configuring strong authentication mechanisms or disabling the open network if possible. Network segmentation should be enforced to isolate IoT devices like cameras from critical internal networks, limiting the attack surface. Monitor network traffic for unauthorized connections to the camera’s interfaces. Until an official patch is released, consider replacing vulnerable devices with models that enforce proper access controls. Additionally, implement strict physical security controls to prevent unauthorized proximity to the devices. Regularly check vendor communications for firmware updates addressing this vulnerability and apply them promptly once available.