CloudEdge Online Cameras and App

MonitorCVSS 7.5ICS-CERT ICSA-25-294-05Oct 21, 2025

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

CloudEdge App version 4.4.2 contains a vulnerability that allows an attacker to gain access to live video feeds and camera control without authentication. The vendor has not responded to coordination attempts and does not plan to provide a patch. No public exploitation has been reported.

What this means

What could happen

An attacker could intercept and view live video feeds from CloudEdge cameras and potentially control them remotely, compromising facility surveillance and enabling physical security reconnaissance.

Who's at risk

Facilities that rely on CloudEdge online cameras for surveillance and physical security, including water utilities, electric utilities, manufacturing plants, and other critical infrastructure that use these cameras for monitoring.

How it could be exploited

An attacker with network access to the CloudEdge App or cameras can exploit this vulnerability without credentials to intercept the video stream and gain control functions. The attacker would need to reach the camera or app interface over the network.

Prerequisites

Network access to CloudEdge camera or app interface
No authentication required
CloudEdge App version 4.4.2

remotely exploitableno authentication requiredlow complexityno patch availableaffects physical securityactively monitored but not yet exploited

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

CloudEdge App: 4.4.24.4.2No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGRestrict network access to CloudEdge cameras to authorized users only using firewall rules and network segmentation

HARDENINGEnsure CloudEdge cameras and app are not directly accessible from the internet or untrusted networks

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGIf remote access to CloudEdge is required, require VPN with strong authentication

WORKAROUNDContact CloudEdge or Meari Technologies to inquire about security patches or alternative products

Mitigations - no patch available

0/1

CloudEdge App: 4.4.2 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGIsolate camera network from critical operational networks using network segmentation

CVEs (1)

CVE-2025-11757

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8c5e2e00-0b8e-4026-bcd2-1501dd7e43e5

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.