Sensitive Information Exposure in Vivotek NVR Products
CVE-2025-3403

5.1MEDIUM

Key Information:

Vendor

Vivotek

Status
Nvr Nd8422p
Nvr Nd9525p
Nvr Nd9541p
Vendor
CVE Published:
8 April 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-3403?

A vulnerability has been detected in several Vivotek NVR models that allows attackers to exploit an issue within the HTML Form Handler component. This vulnerability permits unauthorized access to sensitive information, which may be exposed in the source code. Since the attack can be executed remotely, it presents a significant risk and has already been publicly disclosed. Despite attempts to notify the vendor for resolution, there has been no response. Users of these Vivotek NVR products should take immediate precautions to safeguard their systems.

Affected Version(s)

NVR ND8422P 2.4.0.204

NVR ND8422P 3.3.0.104

NVR ND8422P 4.2.0.101

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-3403 - Proof of Concept

References

https://vuldb.com/?id.303648
vdb-entry
https://vuldb.com/?ctiid.303648
signaturepermissions-required
https://vuldb.com/?submit.543589
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Syrtain (VulDB User)
.