CVE-2025-3403 — Vulnetix

CVE-2025-3403 PUBLISHED CVSS 5.099999904632568 MEDIUM

A vulnerability was found in Vivotek NVR ND8422P, NVR ND9525P and NVR ND9541P 2.4.0.204/3.3.0.104/4.2.0.101. It has been classified as problematic. Affected is an unknown function of the component HTML Form Handler. The manipulation leads to inclusion of sensitive information in source code. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

EPSS 0.39% · 60.6th percentile

Risk Scores

CVSS v4.0

5.099999904632568

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS Score

0.39%

60.6th percentile

Affected Products

Vendor	Product	Versions
Vivotek	NVR ND9525P	3.3.0.104, 2.4.0.204, 4.2.0.101
Vivotek	NVR ND8422P	4.2.0.101, 2.4.0.204, 3.3.0.104
Vivotek	NVR ND9541P	2.4.0.204, 4.2.0.101, 3.3.0.104

Timeline

Apr 8, 2025 EPSS Score
Apr 8, 2025 CVE Published
Apr 8, 2025 PoC Published
Apr 8, 2025 PoC Published
Apr 8, 2025 CVE Updated
Apr 21, 2025 EPSS Score
May 3, 2025 EPSS Score
May 16, 2025 EPSS Score
May 28, 2025 EPSS Score
Jun 10, 2025 EPSS Score
Jun 23, 2025 EPSS Score
Jul 5, 2025 EPSS Score

References

https://vuldb.com/?ctiid.303648 technical
https://vuldb.com/?id.303648 technical
https://vuldb.com/?submit.543589 technical
https://github.com/lfparizzi/CVE-VIVOTEK-ID/blob/main/README.md exploit
https://nvd.nist.gov/vuln/detail/CVE-2025-3403 advisory

Open in Interactive Console →