
Longwatch RCE Vulnerability Lets Attackers Execute Remote Code With Elevated Privileges
Critical RCE Vulnerability Strikes Longwatch Surveillance Systems
In a significant cybersecurity alert for industrial and critical infrastructure sectors, a severe Remote Code Execution (RCE) vulnerability has been uncovered in Industrial Video & Control’s Longwatch video surveillance system. This flaw, identified as CVE-2025-13658, carries a critical CVSS v4 score of 9.3, indicating a high potential for devastating impact. When exploited, it allows unauthorized attackers to execute arbitrary malicious code with elevated privileges, potentially compromising entire surveillance networks.
Understanding the Longwatch RCE Vulnerability (CVE-2025-13658)
The vulnerability resides in specific versions of the Longwatch system, which is widely deployed for video monitoring in industrial environments. An RCE flaw of this magnitude means an attacker, potentially from a remote location, can inject and run their own code on the affected system. The “elevated privileges” aspect is particularly concerning, as it suggests the attacker gains administrative-level control, enabling them to:
- Alter or delete surveillance footage.
- Disable camera feeds.
- Install malware or backdoors.
- Pivot to other connected systems within the operational technology (OT) network.
- Exfiltrate sensitive data.
Such capabilities could lead to significant operational disruptions, security breaches, and even physical safety risks in critical infrastructure settings where these systems are deployed.
Affected Systems and Severity
The CVE-2025-13658 vulnerability impacts Longwatch versions 6.309 through 6.334. Organizations utilizing these specified versions are at immediate high risk. The severe CVSS v4 score of 9.3 aligns with the critical nature of remote code execution, especially when coupled with elevated privileges, indicating ease of exploitation and high impact on confidentiality, integrity, and availability.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding this vulnerability, underscoring its potential for significant harm to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) environments. CISA’s involvement highlights the broad concern for national security ramifications.
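As an added example (not code from the vendor, CISA or the original article), the following Python script triages an asset inventory against the affected range stated above, Longwatch 6.309 through 6.334. The CSV column names, the host names and the treatment of version components as integers are assumptions.

```python
import csv
import io
import re

# Affected range as stated on this page: Longwatch 6.309 through 6.334.
AFFECTED_MIN = (6, 309)
AFFECTED_MAX = (6, 334)

# Assumption: versions look like "6.320", optionally with a leading "v"
# and extra dotted components, each compared as an integer.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.\d+)*\s*$", re.IGNORECASE)


def classify(version):
    """Return 'affected', 'outside-range' or 'unknown' for a version string."""
    m = _VERSION_RE.match(version or "")
    if not m:
        return "unknown"  # blank or malformed: needs a manual check
    major_minor = (int(m.group(1)), int(m.group(2)))
    if AFFECTED_MIN <= major_minor <= AFFECTED_MAX:
        return "affected"
    # Only means "not in the range this page lists", not "verified safe".
    return "outside-range"


def triage(inventory_csv):
    """Group hosts from a CSV with 'host' and 'longwatch_version' columns."""
    result = {"affected": [], "outside-range": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        result[classify(row.get("longwatch_version"))].append(row["host"])
    return result


# Constructed sample inventory (hypothetical host names, not real data).
SAMPLE = """host,longwatch_version
lw-plant-a,6.309
lw-plant-b,6.334
lw-plant-c,6.335
lw-yard-01,6.308
lw-yard-02,v6.320.2
lw-gate-01,
lw-gate-02,six-point-three
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:14} {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be checked by hand rather than assumed unaffected, since a missing or malformed version field says nothing about the installed build.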
Remediation Actions and Mitigations
Immediate action is imperative for all organizations running vulnerable Longwatch systems. Delaying remediation could expose critical operations to severe cyberattacks. The following steps are recommended:
- Apply Patches and Updates: The most crucial step is to apply the security patches released by Industrial Video & Control. Administrators should check the vendor’s official support channels for the latest secure version of Longwatch beyond 6.334.
- Network Segmentation: Isolate Longwatch systems and associated surveillance infrastructure onto dedicated, segmented networks. This limits an attacker’s ability to pivot from the surveillance system to other critical OT or IT assets.
- Strong Access Controls: Implement and enforce the principle of least privilege for all user accounts accessing the Longwatch system. Regularly review and revoke unnecessary access.
- Intrusion Detection/Prevention Systems (IDS/IPS): Deploy and configure IDS/IPS solutions to monitor network traffic for suspicious activity indicative of exploitation attempts against Longwatch systems.
- Regular Backup and Recovery: Maintain up-to-date backups of all configurations and data associated with the Longwatch system to facilitate rapid recovery in the event of a compromise.
- Security Audits and Penetration Testing: Periodically conduct security audits and penetration tests on surveillance systems and their surrounding infrastructure to identify and address potential weaknesses before they can be exploited.
Detection and Scanning Tools
To identify vulnerable Longwatch installations and potential exploitation attempts, security professionals can leverage various tools:
| Tool Name | Purpose | Link |
|---|---|---|
| Nessus | Vulnerability scanning for known CVEs, including network services. | https://www.tenable.com/products/nessus |
| OpenVAS | Open-source vulnerability scanner for network and system assessment. | http://www.openvas.org/ |
| Snort/Suricata | Network intrusion detection/prevention systems for monitoring malicious traffic patterns. | https://www.snort.org/ https://suricata-ids.org/ |
| Metasploit Framework | Exploitation framework; can be used for testing and identifying vulnerable services (ethical use only). | https://www.rapid7.com/products/metasploit/ |
| Wireshark | Network protocol analyzer for deep inspection of network traffic. | https://www.wireshark.org/ |
Conclusion
The discovery of CVE-2025-13658 in Industrial Video & Control’s Longwatch system represents a critical threat to organizations relying on this surveillance technology, particularly those in industrial and critical infrastructure sectors. The ability for attackers to achieve remote code execution with elevated privileges highlights the urgent need for robust cybersecurity measures. Organizations must prioritize applying vendor-supplied patches, enhancing network segmentation, and implementing strong access controls to safeguard their operations against potential exploitation. Proactive defense remains the most effective strategy in mitigating such high-impact vulnerabilities.


