cvedb.io
CVE-2025-9495
UNKNOWN · CVSS n/a
EPSS exploitation probability: 0%
Published 2025-09-23T02:15:47.563 · Last modified 2026-06-17T10:09:06.587

Summary

The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser’s developer tools to bypass login restrictions. By removing specific UI elements, an attacker can reveal the hidden administration menu, giving them full control over the device.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.