← voltar
CVE-2025-9265

API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products

CVSS 10 CRITICALEPSS 0.2%CWE-287CWE-290CWE-346
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 10EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
13 out 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects Kiloview NDI N30 and was fixed in Firmware version later than 2.02.0246
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Produtos afetados
Kiloview · NDI

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.kiloview.com/en/support/download/n30-firmware-downloadlatest/