API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI...

10 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects

Kiloview NDI N30

and was fixed in Firmware version later than 2.02.0246

Basic Information

ID CVE-2025-9265

Source NCSC.ch

Published Oct 13, 2025 at 06:57

Affected Product

Vendor Kiloview

Product NDI

Version 2.02.246

Affected Versions Kiloview NDI 2.02.246

CWE Classification

CWE-346 CWE-290 CWE-287

References

www.kiloview.com /en/support/download/n30-firmware-downloadlatest/

{
    "lastseen": "",
    "description": "A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects \n\n Kiloview NDI N30\n\nand was fixed in Firmware version later than  2.02.0246",
    "published": "2025-10-13T06:57:45.195Z",
    "modified": "2025-10-13T06:57:45.195Z",
    "type": "cve",
    "title": "API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products",
    "source": "NCSC.ch",
    "references": "https://www.kiloview.com/en/support/download/n30-firmware-downloadlatest/",
    "id": "CVE-2025-9265",
    "bulletinFamily": "",
    "cwe": [
        "CWE-346",
        "CWE-290",
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "Kiloview NDI 2.02.246",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "NDI",
    "version": "2.02.246",
    "vendor": "Kiloview",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products_CVE-2025-9265