A critical security vulnerability has been discovered in Industrial Video & Control’s Longwatch video surveillance system, allowing attackers to execute malicious code with elevated privileges remotely.
The flaw, tracked as CVE-2025-13658, affects Longwatch versions 6.309 through 6.334 and has received a severe CVSS v4 score of 9.3.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on December 2, 2025, warning organizations about the serious risk.
The vulnerability involves improper code-injection controls, allowing unauthenticated attackers to exploit the system via simple HTTP GET requests.
Because the affected endpoint lacks proper code-signing and execution safeguards, hackers can inject and run arbitrary code without requiring login credentials. What makes this vulnerability particularly dangerous is that successful exploitation grants.
| Feature | Description |
|---|---|
| CVE ID | CVE-2025-13658 |
| Vendor | Industrial Video & Control |
| Equipment | Longwatch |
| Vulnerability | Improper Control of Generation of Code (‘Code Injection’) |
| Affected Versions | 6.309 to 6.334 |
| CVSS v4 Score | 9.3 |
Attackers’ SYSTEM-level privileges are the highest permission level in Windows environments. This means attackers gain complete control over the compromised system.
Potentially accessing sensitive surveillance feeds, modifying configurations, or using the system as a launching point for further attacks.
Longwatch RCE Vulnerability
The vulnerability impacts critical infrastructure sectors, including energy facilities and water treatment plants that rely on Longwatch for video surveillance and monitoring.
Organizations worldwide using affected versions are vulnerable to remote attacks with minimal complexity required.
A concerned OT (Operational Technology) engineer discovered and reported the vulnerability to CISA, highlighting growing security awareness in industrial environments.
Industrial Video & Control has released version 6.335 to address this security flaw. Organizations running vulnerable versions should immediately upgrade to the patched version.
CISA recommends additional protective measures: isolating control systems from the internet. Implementing firewalls between control and business networks, and using secure VPNs for remote access.
Currently, no public exploitation attempts have been reported. However, the vulnerability’s severity and ease of exploitation make immediate patching critical for affected organizations.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
