CVE-2025-10365 is a critical authentication bypass vulnerability affecting the Evertz SDVN 3080ipx-10G, a high bandwidth Ethernet switching fabric designed for video applications. This device exposes a web management interface on port 80, developed in PHP using the webEASY SDK ('ewb'). The interface allows administrators to control various product features including network switching setup and license registration. The vulnerability arises from improper authentication (CWE-287) in this web interface, enabling remote unauthenticated attackers to bypass authentication controls. This flaw allows attackers to gain arbitrary command execution with root privileges on the affected device. Additionally, the device has related vulnerabilities (CVE-2025-4009 and CVE-2025-10364) that permit arbitrary command injection, compounding the risk. Exploitation requires no authentication or user interaction and can be performed remotely over the network. The impact of successful exploitation is severe, potentially disrupting media streaming services, modifying streamed media content, or altering closed captions, which could affect broadcast integrity and availability. The CVSS v4.0 score of 9.3 reflects the critical nature of this vulnerability, highlighting its high impact on confidentiality, integrity, and availability without any access or interaction barriers. No patches are currently listed, and no known exploits are reported in the wild as of the publication date.

For European organizations, particularly those involved in media production, broadcasting, or streaming services, this vulnerability poses a significant threat. The ability for an attacker to gain root-level access to a core network switching device used in video applications can lead to service outages, content tampering, and reputational damage. Disruption of media streams can affect live broadcasts, emergency communications, and commercial content delivery, potentially violating regulatory requirements around media integrity and availability. Alteration of closed captions could also have legal and accessibility implications. Given the critical role of such devices in media infrastructure, exploitation could cascade into broader network disruptions. The lack of authentication requirement and remote exploitability increase the risk of widespread attacks, especially in environments where these devices are exposed to less secure network segments or the internet. The absence of known exploits currently provides a limited window for mitigation before active exploitation emerges.

1. Immediate network segmentation: Isolate the 3080ipx-10G devices from public or untrusted networks, restricting access to the management interface to trusted administrative networks only. 2. Implement strict firewall rules to block external access to port 80 on these devices unless absolutely necessary, and consider using VPNs or jump hosts for administrative access. 3. Monitor network traffic for unusual access attempts to the device’s web interface, including repeated unauthenticated requests or command injection patterns. 4. Employ intrusion detection/prevention systems (IDS/IPS) with signatures tuned to detect exploitation attempts targeting this vulnerability and related command injection flaws. 5. Engage with Evertz support or vendor channels to obtain patches or firmware updates as soon as they become available; prioritize patching once released. 6. Conduct thorough audits of existing device configurations and logs to detect any signs of compromise or unauthorized access. 7. Consider deploying application-layer gateways or web application firewalls (WAFs) that can inspect and block malicious payloads targeting the web interface. 8. Train operational staff to recognize and respond to incidents involving media infrastructure compromise, including rapid isolation and forensic analysis procedures.