A severe, unauthenticated remote code execution vulnerability in Industrial Video & Control's Longwatch video surveillance and monitoring platform has been disclosed by the Cybersecurity and Infrastructure Security Agency (CISA), posing significant risks to critical infrastructure and industrial control systems. Designated as CVE-2025-13658 with a critical CVSS score of 9.8, this flaw allows attackers to execute arbitrary code on affected systems without authentication, potentially granting them complete control over video surveillance infrastructure.
The Vulnerability: CVE-2025-13658 Technical Details
CVE-2025-13658 exists in the Longwatch platform's HTTP endpoint, which improperly handles user input, leading to a buffer overflow condition. According to security researchers, the vulnerability stems from insufficient input validation in the web interface component, allowing malicious actors to send specially crafted HTTP requests that overflow memory buffers and execute arbitrary code with system-level privileges.
Industrial Video & Control's Longwatch platform is widely deployed in critical infrastructure sectors, including energy, manufacturing, transportation, and water treatment facilities. The system provides video monitoring and surveillance capabilities for industrial environments, often integrated with SCADA (Supervisory Control and Data Acquisition) systems and other operational technology. This integration makes the vulnerability particularly dangerous, as successful exploitation could provide attackers with a foothold into broader industrial control networks.
Impact Assessment and Attack Scenarios
The critical nature of CVE-2025-13658 stems from several factors. First, the vulnerability requires no authentication, meaning any attacker with network access to the Longwatch system can potentially exploit it. Second, successful exploitation grants remote code execution with the privileges of the Longwatch service account, which typically runs with elevated permissions. Third, the affected systems are often deployed in sensitive environments where disruption could have physical consequences.
Security analysts have identified multiple potential attack scenarios:
- Direct Infrastructure Compromise: Attackers could gain control of video surveillance systems to disable monitoring capabilities during physical intrusions or sabotage operations.
- Lateral Movement: Once inside the Longwatch system, attackers could pivot to other industrial control systems on the same network.
- Data Exfiltration: Video feeds and surveillance data could be intercepted or manipulated.
- Ransomware Deployment: Critical infrastructure operators could be targeted with ransomware that disrupts both IT and OT systems.
The Patch: Version 6.335 and Remediation Steps
Industrial Video & Control has released version 6.335 of the Longwatch platform to address CVE-2025-13658. Organizations using affected versions must immediately upgrade to this patched version. The company has stated that the fix properly validates input to the vulnerable HTTP endpoint, eliminating the buffer overflow condition.
According to security advisories, the following Longwatch versions are affected:
- All versions prior to 6.335
- Specific earlier versions used in various industrial deployments
Recommended remediation steps include:
- Immediate Patching: Upgrade all Longwatch systems to version 6.335 without delay.
- Network Segmentation: Ensure Longwatch systems are properly segmented from other industrial control systems and corporate networks.
- Access Controls: Implement strict network access controls, limiting exposure to only necessary IP addresses.
- Monitoring: Increase monitoring of Longwatch systems for suspicious activity, particularly unusual HTTP requests.
- Backup Verification: Ensure system backups are current and tested before applying patches.
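As an added example (not vendor or CISA code) of the patching, access-control and monitoring steps above: the script below flags inventory entries prior to 6.335 and triages web access logs for sources outside an allowlist and for oversized request URIs. The hostnames, allowlist range, length threshold and version-ordering rule are assumptions, and the log lines are constructed in a common access-log layout, not Longwatch's own format.

```python
import ipaddress
import re

PATCHED = (6, 335)  # fixed release named in the article
ALLOWED_NETS = [ipaddress.ip_network("10.20.30.0/24")]  # assumption: operator VLAN
MAX_URI_LEN = 512  # assumption: site-tuned baseline, not a vendor value

# Constructed sample data; hostnames, versions and log lines are illustrative.
INVENTORY = {"lw-plant-a": "6.335", "lw-plant-b": "6.309", "lw-pump-01": "5.12"}
ACCESS_LOG = [
    '10.20.30.15 - - [01/Dec/2025:10:00:01 +0000] "GET /status HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Dec/2025:10:00:05 +0000] "GET /status HTTP/1.1" 200 512',
    '10.20.30.22 - - [01/Dec/2025:10:01:10 +0000] "POST /' + "A" * 2000
    + ' HTTP/1.1" 500 0',
    "not a log line",
]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')


def parse_version(text):
    """Assumption: dotted components compare as integers (6.335 -> (6, 335))."""
    return tuple(int(part) for part in text.strip().split("."))


def unpatched_hosts(inventory):
    """Hosts whose recorded version is prior to 6.335."""
    return sorted(h for h, v in inventory.items() if parse_version(v) < PATCHED)


def triage(lines):
    """Return (line_number, reason) for requests worth an analyst's look."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LINE_RE.match(line)
        try:
            src = ipaddress.ip_address(match.group(1)) if match else None
        except ValueError:
            src = None
        if src is None:
            findings.append((number, "unparseable"))
            continue
        if not any(src in net for net in ALLOWED_NETS):
            findings.append((number, "source-not-allowlisted"))
        if len(match.group(3)) > MAX_URI_LEN:
            findings.append((number, "oversized-uri"))
    return findings


if __name__ == "__main__":
    print("unpatched:", unpatched_hosts(INVENTORY))
    print("findings:", triage(ACCESS_LOG))
```

A flagged line is a prompt for review, not proof of exploitation; tune the length threshold against normal traffic for the site before alerting on it.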
Critical Infrastructure Security Implications
The disclosure of CVE-2025-13658 highlights ongoing challenges in industrial control system security. Video surveillance platforms, while often considered peripheral to core industrial processes, can serve as entry points to critical operational technology networks. The integration of IT and OT systems, while beneficial for operational efficiency, creates additional attack surfaces that must be secured.
CISA's inclusion of this vulnerability in its Known Exploited Vulnerabilities Catalog indicates that federal agencies must patch affected systems according to Binding Operational Directive timelines. Private sector organizations, particularly those in critical infrastructure sectors, should treat this vulnerability with equal urgency.
Broader ICS Security Context
This vulnerability emerges amid increasing attention to industrial control system security. Recent years have seen several high-profile attacks against critical infrastructure, including the Colonial Pipeline ransomware incident and various attacks against water treatment facilities. The industrial cybersecurity community has been advocating for improved security practices in OT environments, including:
- Regular Vulnerability Assessments: Proactive identification of security weaknesses in industrial systems.
- Patch Management Programs: Structured approaches to applying security updates in OT environments, balancing security needs with operational requirements.
- Defense-in-Depth Strategies: Multiple layers of security controls to protect critical systems.
- Incident Response Planning: Preparation for security incidents in industrial environments.
Recommendations for Industrial Organizations
Beyond immediate patching, industrial organizations should consider several security enhancements:
- Network Architecture Review: Evaluate how Longwatch and similar systems connect to broader networks. Implement micro-segmentation where possible to contain potential breaches.
- Vulnerability Management Program: Establish regular vulnerability scanning and assessment processes for all industrial systems, not just traditional IT assets.
- Supplier Security Assessment: Evaluate the security practices of industrial technology suppliers, including their vulnerability disclosure and patch management processes.
- Security Monitoring: Deploy security monitoring solutions capable of detecting anomalous behavior in industrial networks, including unusual network traffic patterns or system modifications.
- Personnel Training: Ensure that both IT and OT personnel understand the security risks associated with industrial systems and proper security procedures.
The Future of Industrial Cybersecurity
The disclosure of CVE-2025-13658 follows a pattern of increasing vulnerability discoveries in industrial systems. As industrial environments become more connected and digitized, the attack surface expands correspondingly. Security researchers are paying more attention to industrial systems, leading to more vulnerability discoveries, which ultimately improves security through responsible disclosure and patching.
Industrial organizations must adapt their security approaches to address these evolving threats. This includes not only technical controls but also organizational changes, such as closer collaboration between IT and OT teams, increased security budgets for industrial systems, and participation in industry information sharing and analysis centers (ISACs).
Conclusion: Urgent Action Required
CVE-2025-13658 represents a clear and present danger to organizations using the Longwatch video surveillance platform. The critical severity rating, combined with the potential impact on critical infrastructure, demands immediate attention. Organizations should prioritize patching to version 6.335, assess their exposure, and review broader industrial security practices.
The vulnerability serves as a reminder that all connected systems in industrial environments, including those perceived as peripheral like video surveillance, require robust security measures. In an era of increasing cyber threats to critical infrastructure, proactive security measures are not just advisable—they're essential for operational resilience and safety.