What is CVE-2025-10364?

CVE-2025-10364 is a vulnerability in Evertz 3080ipx-10g, classified under Command Injection. Published 2025-09-12.

Is CVE-2025-10364 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Evertz 3080ipx-10g

CVE-2025-10364

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product feat…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.063 (92.7th percentile) — read the EPSS interpretation.

Affected products

Evertz 3080ipx-10g — versions 0
Evertz 5782xps-app-4e — versions 0
Evertz 7890ixg — versions 0
Evertz Cc Access Server — versions 0
Evertz Cvip — versions 0
Evertz Mvip-ii — versions 0

Weakness classification (CWE)

CWE-77 — Command Injection

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

www.onekey.com/resource/security-advisory-remote-code-execution-on-evertz-svdn-… (third-party-advisory)

Frequently asked questions

What is CVE-2025-10364?: CVE-2025-10364 is a vulnerability in Evertz 3080ipx-10g, classified under Command Injection. Published 2025-09-12.
Is CVE-2025-10364 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.