CVE-2025-63560: n/a
An issue in KiloView Dual Channel 4k HDMI & 3G-SDI HEVC Video Encoder Firmware v.1.20.0006 allows a remote attacker to cause a denial of service via the systemctrl API System/reFactory component.
AI Analysis
Technical Summary
CVE-2025-63560 identifies a denial of service vulnerability in the firmware version 1.20.0006 of the KiloView Dual Channel 4k HDMI & 3G-SDI HEVC Video Encoder. The flaw exists in the systemctrl API, specifically within the System/reFactory component, which can be remotely triggered by an unauthenticated attacker. Exploitation leads to resource exhaustion or system instability, causing the device to become unresponsive or crash, resulting in denial of service. The vulnerability is classified under CWE-400, indicating improper resource management. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), no privileges (PR:N), and no user interaction (UI:N). The impact is limited to availability (A:H) with no confidentiality or integrity loss. No patches or fixes have been released at the time of publication, and no active exploits have been reported. This vulnerability affects organizations relying on KiloView encoders for video capture and streaming, potentially disrupting broadcast or surveillance operations.
Potential Impact
For European organizations, the primary impact is operational disruption due to denial of service on critical video encoding infrastructure. This can affect broadcasters, media production companies, surveillance systems, and any enterprise leveraging KiloView encoders for real-time video transmission. Loss of availability could lead to broadcast outages, loss of surveillance coverage, or interruption of video conferencing and streaming services. This may result in financial losses, reputational damage, and compliance issues, especially in regulated sectors like media and public safety. The lack of confidentiality or integrity impact limits data breach risks, but availability loss in critical systems can have cascading effects on business continuity and emergency response capabilities.
Mitigation Recommendations
1. Immediately restrict network access to the KiloView encoder management interfaces by implementing strict firewall rules and network segmentation to isolate these devices from untrusted networks.
2. Disable or limit access to the systemctrl API, especially the System/reFactory component, if possible, or monitor API usage for anomalous requests indicative of exploitation attempts.
3. Employ intrusion detection/prevention systems (IDS/IPS) tuned to detect unusual traffic patterns targeting the encoder devices.
4. Maintain an inventory of all KiloView devices and monitor vendor communications for firmware updates or patches addressing this vulnerability.
5. Develop and test incident response plans to quickly recover from potential denial of service events, including device reboot procedures and fallback streaming options.
6. Consider deploying redundant encoding infrastructure to ensure continuity in case of device failure.
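One way to implement the API monitoring in recommendation 2, as an added example that is not part of the original advisory or any vendor tooling: a log check that flags requests naming the systemctrl System/reFactory component. It assumes a reverse proxy in front of the encoder writes common-format access logs; the management subnet, the URL prefix and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: management stations live in this subnet (constructed value).
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/28")]

# Component names as given in the advisory. The full URL layout is not
# published there, so match on the names rather than an exact path.
MARKERS = ("systemctrl", "system/refactory")

# Common access-log format, as a reverse proxy would emit (assumption).
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def classify(line):
    """Return None for unrelated or unparsable lines, else a finding dict."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Decode percent-encoding twice so %2F and %252F variants still match.
    target = unquote(unquote(m["target"])).lower()
    if not all(marker in target for marker in MARKERS):
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        trusted = any(src in net for net in MGMT_NETS)
    except ValueError:
        trusted = False  # hostname or malformed source: treat as untrusted
    return {"src": m["src"], "time": m["ts"], "method": m["method"],
            "status": int(m["status"]),
            "severity": "review" if trusted else "alert"}

def scan(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines; "/example-prefix" is a placeholder path.
SAMPLE = [
    '10.20.0.5 - - [06/Nov/2025:17:01:12 +0000] "GET /index.html HTTP/1.1" 200',
    '10.20.0.5 - - [06/Nov/2025:17:02:00 +0000] "POST /example-prefix/systemctrl/System/reFactory HTTP/1.1" 200',
    '198.51.100.23 - - [06/Nov/2025:17:05:41 +0000] "POST /example-prefix/systemctrl/System%2FreFactory HTTP/1.1" 200',
    '198.51.100.23 - - [06/Nov/2025:17:05:42 +0000] "GET /example-prefix/systemctrl/System/other HTTP/1.1" 200',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Requests from inside the management subnet are marked "review" rather than dropped, since any call to this component on a production encoder is worth confirming against a change record.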
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-10-27T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 690cd45870ae18879c759e5f
Added to database: 11/6/2025, 5:01:12 PM
Last enriched: 11/13/2025, 6:26:25 PM
Last updated: 12/20/2025, 11:50:20 PM