CVE-2025-10365
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-12

Last updated on: 2025-09-15

Assigner: ONEKEY GmbH

Description
The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes aΒ web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among other features. The application has been developed in PHP withΒ the webEASY SDK, also named β€˜ewb’ by Evertz. This web interface has two endpoints that are vulnerable to arbitrary command injection (CVE-2025-4009,Β CVE-2025-10364) and the authentication mechanism has a flaw leading to authentication bypass (CVE-2025-10365). Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices. This level of access could lead to serious business impact such as the interruption of media streaming, modification of media being streamed, alteration of closed captions being generated, among others.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-12
Last Modified
2025-09-15
Generated
2026-05-07
AI Q&A
2025-09-12
EPSS Evaluated
2026-05-05
NVD
CVE-2025-10365
EUVD
EUVD-2025-29046
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
evertz sdvn_3080ipx-10g *
evertz 5782xps-app-4e *
evertz 7890ixg *
evertz mvip-ii *
evertz cvip *
evertz cc_access_server *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in the Evertz SDVN 3080ipx-10G device is an authentication bypass flaw in its web management interface, which allows remote unauthenticated attackers to gain root-level arbitrary command execution on the device. This means attackers can control the device without needing valid credentials.


How can this vulnerability impact me? :

This vulnerability can lead to serious business impacts such as interruption of media streaming, modification of media being streamed, and alteration of closed captions being generated by the device. Attackers gaining root access can disrupt or manipulate the device's functions.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart