Search criteria
2 vulnerabilities found for Ubox by Ubia
CVE-2025-12636 (GCVE-0-2025-12636)
Vulnerability from nvd – Published: 2025-11-06 22:15 – Updated: 2026-01-28 16:06
VLAI?
Title
Ubia Ubox
Summary
The Ubia camera ecosystem fails to adequately secure API credentials,
potentially enabling an attacker to connect to backend services. The
attacker would then be able to gain unauthorized access to available
cameras, enabling the viewing of live feeds or modification of settings.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubia | Ubox Android |
Affected:
0 , < January 15, 2026
(custom)
|
||
Credits
Milos C. reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T13:24:02.909794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T13:24:09.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ubox Android",
"vendor": "Ubia",
"versions": [
{
"lessThan": "January 15, 2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Ubox IOS",
"vendor": "Ubia",
"versions": [
{
"lessThan": "January 15, 2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Milos C. reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Ubia camera ecosystem fails to adequately secure API credentials, \npotentially enabling an attacker to connect to backend services. The \nattacker would then be able to gain unauthorized access to available \ncameras, enabling the viewing of live feeds or modification of settings."
}
],
"value": "The Ubia camera ecosystem fails to adequately secure API credentials, \npotentially enabling an attacker to connect to backend services. The \nattacker would then be able to gain unauthorized access to available \ncameras, enabling the viewing of live feeds or modification of settings."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T16:06:41.083Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-02.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ubia reports that the vulnerability has been resolved through a backend fix, and no user action is required to apply the patch.\u003cbr\u003e\u003cbr\u003eHowever, users running older versions of the application may experience reduced functionality. To ensure full compatibility, Ubia recommends updating to at least the following versions or newer:\u003cbr\u003e\u003cbr\u003e* Ubox Android: Version 1.1.306\u003cbr\u003e* Ubox IOS: Version 1.1.90\u003cbr\u003e"
}
],
"value": "Ubia reports that the vulnerability has been resolved through a backend fix, and no user action is required to apply the patch.\n\nHowever, users running older versions of the application may experience reduced functionality. To ensure full compatibility, Ubia recommends updating to at least the following versions or newer:\n\n* Ubox Android: Version 1.1.306\n* Ubox IOS: Version 1.1.90"
}
],
"source": {
"advisory": "ICSA-25-310-02",
"discovery": "EXTERNAL"
},
"title": "Ubia Ubox",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-12636",
"datePublished": "2025-11-06T22:15:01.130Z",
"dateReserved": "2025-11-03T15:33:59.314Z",
"dateUpdated": "2026-01-28T16:06:41.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12636 (GCVE-0-2025-12636)
Vulnerability from cvelistv5 – Published: 2025-11-06 22:15 – Updated: 2026-01-28 16:06
VLAI?
Title
Ubia Ubox
Summary
The Ubia camera ecosystem fails to adequately secure API credentials,
potentially enabling an attacker to connect to backend services. The
attacker would then be able to gain unauthorized access to available
cameras, enabling the viewing of live feeds or modification of settings.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubia | Ubox Android |
Affected:
0 , < January 15, 2026
(custom)
|
||
Credits
Milos C. reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T13:24:02.909794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T13:24:09.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ubox Android",
"vendor": "Ubia",
"versions": [
{
"lessThan": "January 15, 2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Ubox IOS",
"vendor": "Ubia",
"versions": [
{
"lessThan": "January 15, 2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Milos C. reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Ubia camera ecosystem fails to adequately secure API credentials, \npotentially enabling an attacker to connect to backend services. The \nattacker would then be able to gain unauthorized access to available \ncameras, enabling the viewing of live feeds or modification of settings."
}
],
"value": "The Ubia camera ecosystem fails to adequately secure API credentials, \npotentially enabling an attacker to connect to backend services. The \nattacker would then be able to gain unauthorized access to available \ncameras, enabling the viewing of live feeds or modification of settings."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T16:06:41.083Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-02.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ubia reports that the vulnerability has been resolved through a backend fix, and no user action is required to apply the patch.\u003cbr\u003e\u003cbr\u003eHowever, users running older versions of the application may experience reduced functionality. To ensure full compatibility, Ubia recommends updating to at least the following versions or newer:\u003cbr\u003e\u003cbr\u003e* Ubox Android: Version 1.1.306\u003cbr\u003e* Ubox IOS: Version 1.1.90\u003cbr\u003e"
}
],
"value": "Ubia reports that the vulnerability has been resolved through a backend fix, and no user action is required to apply the patch.\n\nHowever, users running older versions of the application may experience reduced functionality. To ensure full compatibility, Ubia recommends updating to at least the following versions or newer:\n\n* Ubox Android: Version 1.1.306\n* Ubox IOS: Version 1.1.90"
}
],
"source": {
"advisory": "ICSA-25-310-02",
"discovery": "EXTERNAL"
},
"title": "Ubia Ubox",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-12636",
"datePublished": "2025-11-06T22:15:01.130Z",
"dateReserved": "2025-11-03T15:33:59.314Z",
"dateUpdated": "2026-01-28T16:06:41.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}