
CVE-2025-8075: CWE-20 Improper Input Validation in Hanwha Vision Co., Ltd. QNV-C8012

Severity: Medium
Tags: Vulnerability, CVE-2025-8075, cve, cve-2025-8075, cwe-20
Published: Fri Dec 26 2025 (12/26/2025, 04:31:38 UTC)
Source: CVE Database V5
Vendor/Project: Hanwha Vision Co., Ltd.
Product: QNV-C8012

Description

Nozomi Networks Labs, a specialized cybersecurity company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to perform XSS in the user's browser. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer's report for details and workarounds.

AI-Powered Analysis

Last updated: 12/26/2025, 05:00:16 UTC

Technical Analysis

CVE-2025-8075 is a vulnerability in the Hanwha Vision QNV-C8012 device caused by improper input validation (CWE-20) of incoming XML format request messages. Because the device does not sufficiently validate XML data, maliciously crafted XML payloads are processed and can lead to cross-site scripting (XSS) in the user's browser. The XSS lets an attacker inject and execute arbitrary scripts within the context of the device's web interface, potentially hijacking user sessions, stealing sensitive information, or performing unauthorized actions. Exploitation requires network access to the device and low-level privileges, with an attack requirement present (AT:P), but no user interaction is necessary. All firmware versions prior to 2.22.05 are affected; the vendor has released patched firmware. The vulnerability was discovered by Nozomi Networks Labs, a security firm specializing in ICS and OT/IoT security, highlighting the device's use in industrial or operational technology environments. The CVSS 4.0 vector indicates a network attack vector (AV:N), low attack complexity (AC:L), attack requirements present (AT:P), low privileges required (PR:L), no user interaction (UI:N), no direct impact on the confidentiality, integrity, or availability of the vulnerable system (VC:N/VI:N/VA:N), and high impact on the confidentiality, integrity, and availability of subsequent systems (SC:H/SI:H/SA:H). No public exploits have been reported yet, but the vulnerability's nature suggests potential for targeted attacks against organizations using these devices.

Potential Impact

For European organizations, especially those deploying Hanwha Vision QNV-C8012 devices in critical infrastructure, surveillance, or industrial control systems, this vulnerability presents a risk of unauthorized script execution within device management interfaces. Successful exploitation could lead to session hijacking, credential theft, or manipulation of device settings, undermining operational security and potentially enabling further lateral movement within networks. Given the device's role in video surveillance and possibly OT environments, attackers could gain footholds that compromise physical security monitoring or industrial processes. The medium severity reflects that while direct impact on system availability or data confidentiality is limited, the XSS could serve as a stepping stone for more complex attacks. European entities with stringent data protection regulations (e.g., GDPR) must consider the risk of data exposure or unauthorized access resulting from such vulnerabilities. The lack of known exploits reduces immediate risk but does not eliminate the threat, especially from advanced persistent threat (APT) actors targeting European critical sectors.

Mitigation Recommendations

Organizations should immediately verify the firmware version of all Hanwha Vision QNV-C8012 devices and apply the vendor's patch firmware version 2.22.05 or later. Network segmentation should be enforced to limit access to the device's management interfaces, restricting them to trusted administrative networks only. Implement strict access controls and monitor for unusual activity on these devices. Employ web application firewalls (WAFs) or intrusion detection/prevention systems (IDS/IPS) capable of detecting and blocking malicious XML payloads or XSS attempts targeting the device. Regularly audit device configurations and logs for signs of exploitation attempts. Additionally, educate administrators about the risks of XSS and ensure secure password policies and multi-factor authentication where supported. If patching is delayed, consider disabling web management interfaces or restricting them via VPN or secure tunnels to reduce exposure.
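The first two recommendations above (firmware at 2.22.05 or later, management interface reachable only from administrative networks) can be checked against an inventory export. The following is an added example, not vendor or page code; the CSV layout, host names, the `OTHER-MODEL` placeholder and the `10.20.0.0/24` admin network are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

AFFECTED_MODEL = "QNV-C8012"
FIXED_VERSION = (2, 22, 5)  # 2.22.05, the patched firmware named on this page

# Assumption: the only network allowed to reach camera web interfaces.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed inventory: model, firmware, and the source networks a firewall
# review found able to reach the device's web management interface.
SAMPLE_INVENTORY = """\
host,model,firmware,mgmt_reachable_from
cam-lobby,QNV-C8012,2.21.10,10.20.0.0/24
cam-dock,QNV-C8012,2.22.05,10.20.0.0/24;10.50.0.0/16
cam-gate,QNV-C8012,2.9.3,0.0.0.0/0
cam-roof,QNV-C8012,unknown,10.20.0.16/28
cam-hall,OTHER-MODEL,1.0.0,10.50.0.0/16
"""

def parse_version(text):
    """Return a tuple of ints, or None if the string is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit(inventory_csv):
    """Map each affected-model host to the list of issues found for it."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"] != AFFECTED_MODEL:
            continue
        issues = []
        version = parse_version(row["firmware"])
        if version is None:
            issues.append("firmware-unknown")  # needs a manual check
        elif version < FIXED_VERSION:  # numeric compare: 2.9.3 < 2.22.05
            issues.append("firmware-below-2.22.05")
        for cidr in row["mgmt_reachable_from"].split(";"):
            net = ipaddress.ip_network(cidr.strip())
            if not any(net.subnet_of(admin) for admin in ADMIN_NETS):
                issues.append("mgmt-exposed:" + str(net))
        if issues:
            findings[row["host"]] = issues
    return findings

if __name__ == "__main__":
    for host, issues in audit(SAMPLE_INVENTORY).items():
        print(host, ", ".join(issues))
```

Versions are compared as integer tuples because a plain string comparison would rank `2.9.3` above `2.22.05` and miss an unpatched device.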


Technical Details

Data Version: 5.2
Assigner Short Name: Hanwha_Vision
Date Reserved: 2025-07-23T06:07:30.973Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 694e12d9f3548aedd14cdc88

Added to database: 12/26/2025, 4:45:13 AM

Last enriched: 12/26/2025, 5:00:16 AM

Last updated: 12/26/2025, 8:24:35 AM
