CVE-2025-10364 Unauthenticated Arbitrary Command Injection in Evertz SDVN

🗓️ 12 Sep 2025 13:48:18Reported by ONEKEYType

Unauthenticated command injection on Evertz SDVN 3080ipx-10G web interface via two PHP endpoints, enabling root access.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-10364	12 Sep 202515:20	–	circl
CNNVD	Evertz SDVN 3080ipx-10G 安全漏洞	12 Sep 202500:00	–	cnnvd
CVE	CVE-2025-10364	12 Sep 202513:48	–	cve
CVE	CVE-2025-4009	28 May 202507:00	–	cve
EUVD	EUVD-2025-29048	3 Oct 202520:07	–	euvd
NVD	CVE-2025-10364	12 Sep 202514:15	–	nvd
Positive Technologies	PT-2025-37317	12 Sep 202500:00	–	ptsecurity
VulnCheck KEV	VulnCheck KEV: CVE-2025-4009	25 Jun 202500:00	–	vulncheck_kev
Vulnrichment	CVE-2025-10364 Unauthenticated Arbitrary Command Injection in Evertz SDVN	12 Sep 202513:48	–	vulnrichment
Vulnrichment	CVE-2025-4009 Unauthenticated Arbitrary Command Injection in Evertz SDVN	28 May 202507:00	–	vulnrichment

[
  {
    "defaultStatus": "affected",
    "product": "3080ipx-10G",
    "vendor": "Evertz",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "MViP-II",
    "vendor": "Evertz",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "cVIP",
    "vendor": "Evertz",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "7890IXG",
    "vendor": "Evertz",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "CC Access Server",
    "vendor": "Evertz",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "5782XPS-APP-4E",
    "vendor": "Evertz",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ]
  }
]

Source	Link
onekey	www.onekey.com/resource/security-advisory-remote-code-execution-on-evertz-svdn-cve-2025-4009

12 Sep 2025 13:48Current

CVSS 49.3

EPSS0.00223

CWE-77