← volver
CVE-2025-9265

API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products

CVSS 10 CRITICALEPSS 0.2%CWE-287CWE-290CWE-346
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 10EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
13 oct 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects Kiloview NDI N30 and was fixed in Firmware version later than 2.02.0246
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Productos afectados
Kiloview · NDI

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.kiloview.com/en/support/download/n30-firmware-downloadlatest/