CVE-2025-10265

Summary

Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

Affected Software

VendorProductVersion RangeStatus
DigieverDS-12000 <= *.*.*.78affected
DigieverDS-2100 Pro0 <= *.*.*.78affected
DigieverDS-2100 Pro+0 <= *.*.*.78affected
DigieverDS-2100 UHD0 <= *.*.*.78affected
DigieverDS-2200 UHD0 <= *.*.*.78affected
DigieverDS-2200 UHD+0 <= *.*.*.78affected
DigieverDS-4200 Pro0 <= *.*.*.78affected
DigieverDS-4200 Pro+0 <= *.*.*.78affected
DigieverDS-4200 UHD0 <= *.*.*.78affected
DigieverDS-4200 UHD+0 <= *.*.*.78affected
DigieverDS-4100-RM0 <= *.*.*.78affected
DigieverDS-4200-RM Pro+0 <= *.*.*.78affected
DigieverDS-4200-RM UHD0 <= *.*.*.78affected
DigieverDS-8x00-RM Pro+0 <= *.*.*.78affected
DigieverDS-8x00-SRM Pro+0 <= *.*.*.78affected
DigieverDS-8x00-RM UHD0 <= *.*.*.78affected
DigieverDS-16x00-RM Pro+0 <= *.*.*.78affected
DigieverDS-16x00-RM UHD0 <= *.*.*.78affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References