CVE-2025-9265

Summary

A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects

Kiloview NDI N30

and was fixed in Firmware version later than 2.02.0246

Affected Software

VendorProductVersion RangeStatus
KiloviewNDI2.02.246affected

Weaknesses

  • CWE-346: CWE-346 Origin Validation Error
  • CWE-290: CWE-290 Authentication Bypass by Spoofing
  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References