{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-69988", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-27T15:05:02.451Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-03-27T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-27T14:18:56.227Z"}, "descriptions": [{"lang": "en", "value": "BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Control. An unauthenticated attacker in physical proximity can associate with this open network. Once connected, the attacker gains access to the camera's private network interface and can retrieve sensitive information, including the live video and audio stream, without providing credentials."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/CVE-2025-69988.md"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:H/I:N/PR:N/S:U/UI:N", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "references": [{"url": "https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/CVE-2025-69988.md", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T15:04:56.437240Z", "id": "CVE-2025-69988", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T15:05:02.451Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-69988", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T15:04:56.437240Z"}}}], "references": [{"url": "https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/CVE-2025-69988.md", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T15:04:29.242Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:H/I:N/PR:N/S:U/UI:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/CVE-2025-69988.md"}], "descriptions": [{"lang": "en", "value": "BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Control. An unauthenticated attacker in physical proximity can associate with this open network. Once connected, the attacker gains access to the camera's private network interface and can retrieve sensitive information, including the live video and audio stream, without providing credentials."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-27T14:18:56.227Z"}}}, "cveMetadata": {"cveId": "CVE-2025-69988", "state": "PUBLISHED", "dateUpdated": "2026-03-27T15:05:02.451Z", "dateReserved": "2026-01-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-27T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Control. An unauthenticated attacker in physical proximity can associate with this open network. Once connected, the attacker gains access to the camera's private network interface and can retrieve sensitive information, including the live video and audio stream, without providing credentials."}], "id": "CVE-2025-69988", "lastModified": "2026-03-30T13:26:29.793", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2026-03-27T15:16:46.017", "references": [{"source": "cve@mitre.org", "url": "https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/CVE-2025-69988.md"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/CVE-2025-69988.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "33.1.0.0818"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "petcam", "vendor": "bs_producten"}], "analysis": {"en": {"generated_at": "2026-03-27T16:25:52.651625+00:00", "value": {"mitigation_remediation": ["Update the firmware to the latest version released by BS Producten.", "If an update is unavailable, disable open network access and enable a strong password on the device\u2019s management interface.", "Ensure the device is placed out of reach of untrusted individuals."], "summary": {"action": "Apply Patch", "impact": "Unauthorized access to video and audio streams without credentials"}, "threat_synthesis": {"affected_systems": "Browser devices manufactured by BS Producten, specifically the Petcam 33.1.0.0818 firmware build, are susceptible. The vulnerability applies only to this exact version; no other versions are currently known to be affected.", "description_and_impact": "The vulnerability allows an attacker who can physically reach the device to connect to its open network service without authentication. Once connected, the attacker can access the camera\u2019s private interface and retrieve live video and audio streams, effectively stealing sensitive surveillance data. This flaw stems from incorrect access control mechanisms and is classified as a credential\u2011less data capture.", "risk_and_exploitability": "The CVSS base score of 6.5 indicates moderate severity. Although the EPSS score is unavailable, the requirement for physical proximity and open\u2010network access limits broader exploitation. The issue is not listed in the CISA Known Exploited Vulnerabilities catalog, suggesting no publicly confirmed exploits. Still, the risk of immediate unauthorized data access remains significant for anyone in the device\u2019s vicinity."}}}}, "created": "2026-03-27T20:29:07.860344+00:00", "updated": "2026-03-30T08:00:19.854975+00:00", "vendors": ["bs_producten", "bs_producten$PRODUCT$petcam"]}