Critical Longwatch RCE Vulnerability Exposes Industrial Systems to Remote Attacks
A significant security flaw has been identified in Industrial Video & Control’s Longwatch video surveillance system, potentially allowing remote attackers to execute malicious code with elevated privileges. This vulnerability, designated as CVE-2025-13658, affects Longwatch versions 6.309 through 6.334 and has been assigned a critical CVSS v4 score of 9.3.
On December 2, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory highlighting the severity of this issue. The vulnerability arises from inadequate code-injection controls, enabling unauthenticated attackers to exploit the system via simple HTTP GET requests. Due to the absence of proper code-signing and execution safeguards in the affected endpoint, malicious actors can inject and execute arbitrary code without requiring login credentials.
The gravity of this vulnerability is underscored by the fact that successful exploitation grants attackers SYSTEM-level privileges—the highest permission level in Windows environments. This level of access allows complete control over the compromised system, including the ability to access sensitive surveillance feeds, modify configurations, or use the system as a launching point for further attacks.
Impact on Critical Infrastructure
Longwatch is widely utilized in critical infrastructure sectors, including energy facilities and water treatment plants, for video surveillance and monitoring. Organizations worldwide using affected versions are at risk of remote attacks that require minimal complexity to execute.
The vulnerability was discovered and reported to CISA by a concerned Operational Technology (OT) engineer, reflecting a growing awareness of security issues within industrial environments.
Mitigation Measures
In response to this discovery, Industrial Video & Control has released Longwatch version 6.335, which addresses this security flaw. Organizations running vulnerable versions are strongly advised to upgrade to the patched version immediately.
CISA recommends additional protective measures to mitigate potential risks:
– Isolate Control Systems: Ensure that control systems are isolated from the internet to prevent unauthorized access.
– Implement Firewalls: Establish firewalls between control and business networks to control and monitor traffic.
– Use Secure VPNs: Utilize secure Virtual Private Networks (VPNs) for remote access to safeguard data transmission.
As of now, there have been no public reports of exploitation attempts. However, given the severity and ease of exploitation, immediate patching is crucial for all affected organizations to prevent potential attacks.
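To act on the upgrade guidance above, the following added example (not code from CISA or Industrial Video & Control) triages an asset inventory against the affected range 6.309 through 6.334 and lists internet-reachable hosts first. The CSV columns, hostnames and the assumption that versions are written as major.minor with an integer minor are illustrative.

```python
import csv
import io
import re

# Affected range and fixed release as stated in the article above.
AFFECTED_MIN = (6, 309)
AFFECTED_MAX = (6, 334)
FIXED = (6, 335)

# Constructed sample inventory; hostnames, columns and values are illustrative.
SAMPLE_INVENTORY = """host,longwatch_version,internet_reachable
lw-plant-a,6.309,no
lw-plant-b,6.334,yes
lw-pump-01,v6.320,no
lw-hq,6.335,no
lw-legacy,6.308,yes
lw-unknown,n/a,yes
"""

def parse_version(text):
    """Return (major, minor) as integers, or None if unparseable.
    Integer tuples avoid float/string pitfalls (assumed major.minor format)."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\s*", text, re.IGNORECASE)
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(version_text):
    """Map a version string to a status relative to CVE-2025-13658."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"        # cannot decide automatically: verify by hand
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    if v >= FIXED:
        return "fixed"
    return "below_range"        # older than the range the article lists

def triage(inventory_csv):
    """Return (host, status, exposed) for unpatched hosts, exposed ones first."""
    rows = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["longwatch_version"])
        if status == "fixed":
            continue
        exposed = row["internet_reachable"].strip().lower() == "yes"
        rows.append((row["host"], status, exposed))
    order = {"affected": 0, "unknown": 1, "below_range": 2}
    return sorted(rows, key=lambda r: (not r[2], order[r[1]], r[0]))

if __name__ == "__main__":
    for host, status, exposed in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {status:12} internet_reachable={exposed}")
```

Hosts reported as "unknown" or "below_range" fall outside what the article states and need manual verification rather than being assumed safe.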