CVE-2025-9265
CRITICALKiloview NDI N30 < 2.02.246 - Unauthenticated Broken Authorization
Title source: llmDescription
A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects Kiloview NDI N30 and was fixed in Firmware version later than 2.02.0246
References (1)
Core 1
Core References
Various Sources release-notes
https://www.kiloview.com/en/support/download/n30-firmware-downloadlatest/
Scores
CVSS v4
10.0
EPSS
0.0022
EPSS Percentile
12.3%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-287
CWE-290
CWE-346
Status
published
Products (1)
Kiloview/NDI
2.02.246
Published
Oct 13, 2025
Tracked Since
Feb 18, 2026