CVE-2025-9265 CRITICAL

CVE-2025-9265: API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products

Vendor Kiloview
Product NDI
Weakness CWE-346 · Origin validation
Published October 13, 2025
Last update October 14, 2025

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01 Description

A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state-changing actions that should only be initiated by administrators. This issue affects Kiloview NDI N30 and was fixed in firmware versions later than 2.02.0246.

Key dates

02 Disclosure timeline

October 13, 2025 CVE published
October 14, 2025 Record updated