Security Advisory

CVE-2025-41016

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-24 12:18:45

Last updated 2025-11-24 13:11:29

Assigner INCIBE

State PUBLISHED

Description

Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to “/alarms/<ALARM_ID>/<MEDIA>”, where the “MEDIA” parameter can take the value of “snapshot” or “video.mp4”. These media files contain images recorded by security cameras in response to triggered alerts.

← Browse all CVEs View on cve.org ↗