PT-2025-39104 · Unknown · Vitogate 300

Souvik Kandar · Published 2025-09-23 · Updated 2025-09-23 · CVE-2025-9495

CVSS v4.0: 8.7 (High)

Vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Vitogate 300 (affected versions not specified)

Description

The web interface does not properly enforce server-side authentication, relying instead on frontend-based authentication controls. This allows an attacker to bypass login restrictions by modifying HTML elements in the browser’s developer tools. By removing specific UI elements, an attacker can reveal the hidden administration menu, gaining full control over the device.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2025-9495

Affected Products

Vitogate 300