CVE-2025-4560

Summary

The ISOinsight from Netvision has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access certain system functions. These functions include viewing the administrator list, viewing and editing IP settings, and uploading files.

Affected Software

VendorProductVersion RangeStatus
NetvisionISOinsight2.9.0 < 2.9.0.250501affected
NetvisionISOinsight3.0.0 < 3.0.0.250501affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References