Idis Surveillance Management Software Vulnerable to Hacking
bankinfosecurity
Web-Based Client on Local Host Didn't Sanitize Inputs
Greg Sirico • January 28, 2026

Video camera surveillance management software made by South Korean manufacturer Idis is susceptible to a one-click attack giving hackers the power to execute arbitrary code, warn security researchers.
Claroty's research team uncovered a critical flaw in a web-based client Idis customers use to manage camera deployments and view live feeds.
The flaw, tracked as CVE-2025-12556 and carrying a high CVSS score, depends on a user clicking a link to a page containing malicious JavaScript. Researchers determined that the Idis Chromium-based client passed arguments directly to the Chromium Embedded Framework library, creating an opening for an injection attack.
Unlike most JavaScript-based attacks, "this vulnerability allows an attacker to escalate beyond the browser sandbox and achieve code execution on the host itself ...

