- Description
- The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among other features. The application has been developed in PHP with the webEASY SDK, also named ‘ewb’ by Evertz. This web interface has two endpoints that are vulnerable to arbitrary command injection and the authentication mechanism has a flaw leading to authentication bypass. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices. This level of access could lead to serious business impact such as the interruption of media streaming, modification of media being streamed, alteration of closed captions being generated, among others.
- Source
- research@onekey.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:C/RE:X/U:X
- Severity
- CRITICAL
- research@onekey.com
- CWE-77
- Hype score
- Not currently trending
Evertz SDVN の脆弱性 CVE-2025-4009:認証不要の任意コマンド実行とパッチの未適用 https://t.co/VjzbvBSUGE Evertz の Software Defined Video Network (SDVN) 製品ラインの脆弱性 CVE-2025-4009
@iototsecnews
9 Jun 2025
90 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Remote Code Execution on Evertz SDVN (CVE-2025-4009 - Full Disclosure) https://t.co/I8TaSFqiIe
@_r_netsec
5 Jun 2025
508 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 CVE-2025-4009 ⚠️🔴 CRITICAL (9.3) 🏢 Evertz - 3080ipx-10G 🏗️ 0 🔗 https://t.co/LmvRK2T0DV #CyberCron #VulnAlert #InfoSec https://t.co/raVYiqk6Lx
@cybercronai
29 May 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-4009: Critical unauthenticated RCE flaw in Evertz broadcast systems gives attackers root access. Major risk to media infrastructure. Read the full advisory 👉 https://t.co/sZ34hs2Kmo #CyberSecurity #CVE2025_4009 #BroadcastTech #Infosec
@threatsbank
28 May 2025
50 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Remote Code Execution on Evertz SDVN (CVE-2025-4009 - Full Disclosure) https://t.co/8WrSdHqmrk https://t.co/66LF3ZAl7l
@secharvesterx
28 May 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Remote Code Execution on Evertz SDVN (CVE-2025-4009 - Full Disclosure) https://t.co/I8TaSFpKSG
@_r_netsec
28 May 2025
838 Impressions
2 Retweets
10 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4009 The Evertz SVDN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web man… https://t.co/NmixBTF8Z1
@CVEnew
28 May 2025
435 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-4009: CRITICAL] Evertz SVDN 3080ipx-10G Ethernet Switching Fabric has serious cyber security vulnerabilities, allowing remote attackers to gain root privileges & execute arbitrary commands.#cve,CVE-2025-4009,#cybersecurity https://t.co/MFAtgNHG2o https://t.co/IYaH6V
@CveFindCom
28 May 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes