CVE-2025-9265
API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products
Vexday Risk Score
28 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 10 · EPSS 0.2% · KEV no · PoC — · Nuclei — · Metasploit — · Patch —
Lifecycle
13 Oct 2025: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state-changing actions that should only be initiated by administrators. This issue affects Kiloview NDI N30 and was fixed in firmware versions later than 2.02.0246.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected products
Kiloview · NDI