Auth bypass in Kiloview Ndi
CVE-2025-9265
A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affec…
Vulnerability class: Broken Authentication
EPSS: 0.002 (12.4th percentile) — read the EPSS interpretation.
Affected products
- Kiloview Ndi — versions 2.02.246
Weakness classification (CWE)
References
- vulnerability@ncsc.ch (release-notes)