CVE-2025-8915
BaseFortify
Publication date: 2025-10-13
Last updated on: 2025-10-14
Assigner: Switzerland Government Common Vulnerability Program
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kiloview | n30 | 2.02.246 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a hardcoded TLS private key and certificate embedded in the firmware of the Kiloview N30 device version 2.02.246. Because these cryptographic credentials are fixed and not unique per device, a malicious attacker can exploit this to perform a man-in-the-middle (MitM) attack over the network, intercepting or altering communications that are supposed to be secure.
How can this vulnerability impact me? :
The vulnerability can allow attackers to intercept, read, or modify sensitive data transmitted over the network by performing a man-in-the-middle attack. This compromises the confidentiality and integrity of communications, potentially leading to data breaches, unauthorized access, and other security incidents.