PT-2025-23064 · Evertz · Evertz Svdn 3080Ipx-10G
Q. Kaiser
·
Published
2025-05-28
·
Updated
2025-10-03
·
CVE-2025-4009
CVSS v4.0
9.3
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:C/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Evertz SDVN 3080ipx-10G (affected versions not specified)
Description
The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application that exposes a web management interface on port 80. This interface has two endpoints that are vulnerable to arbitrary command injection and the authentication mechanism has a flaw leading to authentication bypass. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges on affected devices. This level of access could lead to serious business impact such as the interruption of media streaming, modification of media being streamed, alteration of closed captions being generated, among others.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Command Injection
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Evertz Svdn 3080Ipx-10G