Viessmann Vitogate 300 Authentication Bypass_CVE-2025-9495

8.7 / 10

HIGH

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser’s developer tools to bypass login restrictions. By removing specific UI elements, an attacker can reveal the hidden administration menu, giving them full control over the device.

Basic Information

ID CVE-2025-9495

Source Carrier

Published Sep 23, 2025 at 01:16

Affected Product

Vendor Viessmann

Product Vitogate 300

Version 1

Affected Versions Viessmann Vitogate 300 1

CWE Classification

CWE-602

References

https //www.corporate.carrier.com/product-security/advisories-resources/

{
    "lastseen": "",
    "description": "The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser\u2019s developer tools to bypass login restrictions. By removing specific UI elements, an attacker can reveal the hidden administration menu, giving them full control over the device.",
    "published": "2025-09-23T01:16:53.619Z",
    "modified": "2025-09-23T01:16:53.619Z",
    "type": "cve",
    "title": "Viessmann Vitogate 300 Authentication Bypass",
    "source": "Carrier",
    "references": "https://https://www.corporate.carrier.com/product-security/advisories-resources/",
    "id": "CVE-2025-9495",
    "bulletinFamily": "",
    "cwe": [
        "CWE-602"
    ],
    "cvelist": null,
    "sourceData": "Viessmann Vitogate 300 1",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Vitogate 300",
    "version": "1",
    "vendor": "Viessmann",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}