CVE-2025-10365

EPSS 5.78%
Veröffentlicht 12.09.2025 13:46:11
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle research@onekey.com
CVE-Watchlists
Login
Unerledigt
Login

Authentication Bypass in Evertz SDVN

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product
features, setup network switching, and register license among other features. The application has been developed in PHP with the webEASY SDK, also named ‘ewb’ by Evertz.

This web interface has two endpoints that are vulnerable to arbitrary command injection (CVE-2025-4009, CVE-2025-10364) and the authentication mechanism has a flaw leading to authentication bypass (CVE-2025-10365).

Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.

This level of access could lead to serious business impact such as the interruption of media streaming, modification of media being streamed, alteration of closed captions being generated, among others.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 6 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerEvertz

≫

Produkt 3080ipx-10G

Default Statusaffected

Version 0

Status affected

HerstellerEvertz

≫

Produkt MViP-II

Default Statusaffected

Version 0

Status affected

HerstellerEvertz

≫

Produkt cVIP

Default Statusaffected

Version 0

Status affected

HerstellerEvertz

≫

Produkt 7890IXG

Default Statusaffected

Version 0

Status affected

HerstellerEvertz

≫

Produkt CC Access Server

Default Statusaffected

Version 0

Status affected

HerstellerEvertz

≫

Produkt 5782XPS-APP-4E

Default Statusaffected

Version 0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.78%	0.921

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
research@onekey.com	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:C/RE:X/U:X

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.onekey.com/resource/security-advisory-remote-code-execution-on-evertz-svdn-cve-2025-4009

https://nvd.nist.gov/vuln/detail/CVE-2025-10365

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-10365

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-10365

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-10365