CVE-2025-9265

API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products

Description

A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects Kiloview NDI N30 and was fixed in Firmware version later than 2.02.0246

INFO

Published Date :

2025-10-13T06:57:45.195Z

Last Modified :

2025-10-14T13:19:43.818Z

Source :

NCSC.ch

AFFECTED PRODUCTS

The following products are affected by CVE-2025-9265 vulnerability.

Vendors	Products
Kiloview	Ndi N30

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-9265.

URL	Resource
https://www.kiloview.com/en/support/download/n30-firmware-downloadlatest/

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability