CVE-2025-10265

Digiever｜NVR - OS Command Injection

CVSS 8.7 HIGHEPSS 1.1%CWE-78

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.7EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

12 Sep 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Digiever · DS-1200 Digiever · DS-16x00-RM Pro+Digiever · DS-16x00-RM UHD Digiever · DS-2100 Pro Digiever · DS-2100 Pro+Digiever · DS-2100 UHD Digiever · DS-2200 UHD Digiever · DS-2200 UHD+Digiever · DS-4100-RM Digiever · DS-4200 Pro Digiever · DS-4200 Pro+Digiever · DS-4200-RM Pro+Digiever · DS-4200-RM UHD Digiever · DS-4200 UHD Digiever · DS-4200 UHD+Digiever · DS-8x00-RM Pro+Digiever · DS-8x00-RM UHD Digiever · DS-8x00-SRM Pro+

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.twcert.org.tw/en/cp-139-10376-a057c-2.html https://www.twcert.org.tw/tw/cp-132-10375-19f1e-1.html