CVE-2025-2345

critical

Description

A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

References

https://vuldb.com/?submit.516883

https://vuldb.com/?id.299811

https://vuldb.com/?ctiid.299811

https://github.com/geo-chen/IROAD/blob/main/README.md#finding-5-managing-settings-to-obtain-sensitive-data-and-sabotaging-car-battery

Details

Source: Mitre, NVD

Published: 2025-03-16

Updated: 2025-03-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: Critical

EPSS

EPSS: 0.00069