Description

A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state-changing actions that should only be initiated by administrators. This issue affects Kiloview NDI N30 and was fixed in firmware versions later than 2.02.0246.

PUBLISHED Reserved 2025-08-20 | Published 2025-10-13 | Updated 2025-10-14 | Assigner NCSC.ch




CRITICAL: 10.0 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)

Problem types

CWE-346 Origin Validation Error

CWE-290 Authentication Bypass by Spoofing

CWE-287 Improper Authentication

Product status

Default status
affected

2.02.246
affected

Credits

Joakim Brandt - NRK (Norsk rikskringkasting AS) finder

Louis Dumas coordinator

References

www.kiloview.com/...rt/download/n30-firmware-downloadlatest/ release-notes

cve.org (CVE-2025-9265)

nvd.nist.gov (CVE-2025-9265)
