CVE-2025-8760: Buffer Overflow in INSTAR 2K+
A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to buffer overflow. It is possible to initiate the attack remotely.
AI Analysis
Technical Summary
CVE-2025-8760 is a critical buffer overflow vulnerability identified in the INSTAR 2K+ and 4K camera firmware version 3.11.1 Build 1124, specifically within the base64_decode function of the fcgi_server component. The vulnerability arises from improper handling of the Authorization argument, which can be manipulated remotely without authentication or user interaction. An attacker can craft a malicious Authorization header that triggers a buffer overflow condition, potentially allowing arbitrary code execution or causing a denial of service on the affected device. The vulnerability is remotely exploitable over the network, requiring no privileges or user interaction, which significantly increases its risk profile. The CVSS v4.0 score of 9.3 (critical) reflects the high impact on confidentiality, integrity, and availability, as successful exploitation could lead to full compromise of the device. The lack of current known exploits in the wild suggests the vulnerability is newly disclosed, but the ease of exploitation and severity warrant immediate attention. The affected component, fcgi_server, is likely part of the device's web interface or API handling, making it a critical attack surface for these IP cameras.
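As an added illustration of the bug class described above (this is not INSTAR's code, which the page does not show), the following decoder computes the decoded size and rejects input that would not fit before writing any byte. `CRED_MAX`, `b64_decode_bounded` and `decode_basic_auth` are hypothetical names, and the buffer size and the Basic scheme are assumptions.

```c
#include <stddef.h>
#include <string.h>
#define CRED_MAX 128  /* assumed fixed buffer size, for illustration only */

/* Map one base64 character to its 6-bit value, or -1 if it is not valid. */
static int b64_val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode in[0..in_len) into out without writing more than out_cap bytes.
 * Returns the decoded length, or -1 on malformed or oversized input. */
long b64_decode_bounded(const char *in, size_t in_len,
                        unsigned char *out, size_t out_cap) {
    size_t pad = 0, o = 0;
    if (in_len == 0) return 0;
    if (in_len % 4 != 0) return -1;
    if (in[in_len - 1] == '=') pad = (in[in_len - 2] == '=') ? 2 : 1;
    /* The check an overflowing decoder lacks: size the output first. */
    if (in_len / 4 * 3 - pad > out_cap) return -1;
    for (size_t i = 0; i < in_len; i += 4) {
        unsigned long v = 0;
        for (size_t j = 0; j < 4; j++) {
            int d = 0;  /* trailing padding positions contribute zero bits */
            if (i + j < in_len - pad &&
                (d = b64_val((unsigned char)in[i + j])) < 0) return -1;
            v = (v << 6) | (unsigned long)d;
        }
        size_t n = (i + 4 == in_len) ? 3 - pad : 3;
        for (size_t k = 0; k < n; k++)
            out[o++] = (unsigned char)(v >> (16 - 8 * k));
    }
    return (long)o;
}

/* Hypothetical caller: decode "Basic <b64>" into a fixed-size buffer. */
long decode_basic_auth(const char *hdr, char cred[CRED_MAX]) {
    static const char scheme[] = "Basic ";
    if (strncmp(hdr, scheme, sizeof scheme - 1) != 0) return -1;
    const char *b64 = hdr + sizeof scheme - 1;
    long n = b64_decode_bounded(b64, strlen(b64),
                                (unsigned char *)cred, CRED_MAX - 1);
    if (n < 0) return -1;
    cred[n] = '\0';  /* safe: n <= CRED_MAX - 1 */
    return n;
}
```

The size check runs before the decode loop, so an oversized header is rejected with the destination buffer untouched.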
Potential Impact
For European organizations deploying INSTAR 2K+ or 4K cameras, this vulnerability poses a significant security risk. Exploitation could lead to unauthorized access to video streams, device takeover, or network pivoting to other internal systems. This threatens confidentiality by exposing sensitive surveillance footage, integrity by allowing attackers to manipulate device behavior or firmware, and availability by causing device crashes or denial of service. Organizations relying on these cameras for physical security, especially in critical infrastructure, government facilities, or corporate environments, could face operational disruptions and privacy violations. Given the remote exploitability and lack of required authentication, attackers could scan and compromise vulnerable devices at scale, potentially creating botnets or espionage platforms. The impact extends beyond individual devices to the broader network security posture of affected organizations.
Mitigation Recommendations
Immediate mitigation steps include isolating affected INSTAR 2K+ and 4K devices from untrusted networks and restricting access to their management interfaces via network segmentation and firewall rules. Organizations should monitor network traffic for unusual Authorization header patterns indicative of exploitation attempts. Since no official patches are currently listed, contacting INSTAR support for firmware updates or advisories is critical. As a temporary workaround, disabling or restricting the fcgi_server component or its web interface, if feasible, can reduce exposure. Implementing strong network-level authentication and VPN access for remote management can add layers of defense. Regularly auditing device firmware versions and maintaining an asset inventory will help identify and prioritize vulnerable devices. Finally, organizations should prepare incident response plans for potential exploitation scenarios involving these cameras.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-08T15:37:24.885Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 689c3192ad5a09ad003f0630
Added to database: 8/13/2025, 6:32:50 AM
Last enriched: 8/13/2025, 6:48:08 AM
Last updated: 8/13/2025, 1:47:48 PM