Detections
Analytics
Sony Camera SNC-CX600W Cross-Site Request Forgery (CVE-2025-62497)
low Tenable OT Security Plugin ID 504814
Synopsis
The remote OT asset is affected by a vulnerability.Description
Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
Refer to the vendor advisory.See Also
https://jvn.jp/en/jp/JVN75140384/
https://www.sony.com/electronics/support/ip-cameras-fixed/snc-cx600w
Plugin Details
Severity: Low
ID: 504814
File Name: tenable_ot_sony_CVE-2025-62497.nasl
Version: 1.3
Type: remote
Family: Tenable.ot
Published: 12/3/2025
Updated: 2/27/2026
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 5.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N
CVSS Score Source: CVE-2025-62497
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS v4
Risk Factor: Low
Base Score: 2.1
Threat Score: 0.5
Threat Vector: CVSS:4.0/E:U
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Vulnerability Information
CPE: cpe:/o:sony:snc-cx600w_firmware
Required KB Items: Tenable.ot/Sony
Exploit Ease: No known exploits are available
Patch Publication Date: 11/25/2025
Vulnerability Publication Date: 11/25/2025
Reference Information
CVE: CVE-2025-62497
CWE: 352