CVE-2025-7070HIGH 8.8EPSS p51.6%

CVE-2025-7070CVE-2025-7070

Description

A vulnerability has been found in IROAD Dashcam Q9 up to 20250624 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component MFA Pairing Request Handler. The manipulation leads to allocation of resources. The attack needs to be done within the local network. The vendor was contacted early about this disclosure but did not respond in any way.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.80% probability of exploitation · percentile 51.6% · 2026-06-19T12:03:05Z
Published2025-07-04
Last modified2025-10-01

Underlying weaknesses· 2

CWE-400CWE-770

References

  1. https://github.com/geo-chen/IROAD-V?tab=readme-ov-file#finding-8---mfa-spam-to-induce-device-pairing-fatigue
  2. https://vuldb.com/?ctiid.314905
  3. https://vuldb.com/?id.314905
  4. https://vuldb.com/?submit.603298
  5. https://github.com/geo-chen/IROAD-V?tab=readme-ov-file#finding-8---mfa-spam-to-induce-device-pairing-fatigue

2

TypeTargetConfidenceTier
WeaknessUncontrolled Resource Consumptioncwe-4000%live
WeaknessAllocation of Resources Without Limits or Throttlingcwe-7700%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-2345
CVE
CVE-2025-30106
CVE
CVE-2025-30133
CVE
CVE-2025-30135
CVE
CVE-2025-30132
CVE
CVE-2025-30114
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.