Authentication Bypass in Vitogate 300 Web Interface by Carrier
CVE-2025-9495

8.7HIGH

Key Information:

Vendor: Viessmann
Status: Vitogate 300
Vendor: CVE Published:; 23 September 2025

What is CVE-2025-9495?

The Vitogate 300 web interface is susceptible to an authentication bypass due to its failure to properly enforce server-side authentication. The vulnerability allows attackers to manipulate frontend HTML elements through the browser's developer tools to circumvent login controls. By concealing specific user interface elements, an attacker can gain access to a hidden administration menu, which grants them full control over the device. This oversight highlights the necessity for robust server-side authentication mechanisms to protect sensitive functionalities from unauthorized access.

Affected Version(s)

Vitogate 300 1 < 3.0.0.0

References

https://https://www.corporate.carrier.com/product-securit...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2025
Vulnerability Reserved
Aug 26, 2025

Credit

Souvik Kandar of MicroSec (microsec.io)

JSON

Viessmann

What is CVE-2025-9495?

Affected Version(s)

References

CVSS V4

Timeline

Credit