CVE-2025-9495
Last modified
CVE-2025-9495 is a high-severity vulnerability rated 8.7/10 on the CVSS scale. The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser’s developer tools to bypass login restrictions. EPSS estimates a 0.29% chance of exploitation in the next 30 days.
Description
The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser’s developer tools to bypass login restrictions. By removing specific UI elements, an attacker can reveal the hidden administration menu, giving them full control over the device.
Metrics
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2025-9495?
How severe is CVE-2025-9495?
How do I fix CVE-2025-9495?
Are you affected by CVE-2025-9495?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST