CRITICAL🇵🇱 Wersja polska

CVE-2025-9265

CVSS 10.0v4.0pub. 2025-10-13upd. 2026-04-15

A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects Kiloview NDI N30 and was fixed in Firmware version later than 2.02.0246

🤖 AI Analysis
How it works

The flaw lies in improper implementation of the authorization mechanism (CWE-287, CWE-290, CWE-346), which allows an attacker to remotely disable user identity verification. After disabling this mechanism, the attacker gains access to state-changing actions that should be reserved exclusively for administrators. The attack can be conducted remotely over the network without any credentials or interaction from an authorized user.

Impact

An attacker gains full access to the device's administrative functions, allowing arbitrary modification of its configuration and state. The consequence could be complete takeover of the Kiloview NDI N30 device and potential impact on the infrastructure with which it is integrated.

Mitigation & patch

The Kiloview NDI N30 device firmware should be updated to a version later than 2.02.0246. The update is available on the manufacturer's website: https://www.kiloview.com/en/support/download/n30-firmware-downloadlatest/

Who is affected

Kiloview NDI N30 — firmware versions up to and including 2.02.0246

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References