CVE-2025-9495
Published: 23 September 2025
Summary
CVE-2025-9495 is a high-severity Client-Side Enforcement of Server-Side Security (CWE-602) vulnerability in the Vitogate 300 web interface. Its CVSS base score is 8.7 (High).
Operationally, it is ranked at the 9.3 percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-30428
Vulnerability details
The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser’s developer tools to bypass login restrictions. By removing specific UI elements, an attacker can reveal the hidden administration menu, giving them full control over the device.
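The CWE-602 pattern described above, contrasted with server-side enforcement, as an added example that is not the device's or the vendor's code. The handlers, paths, element ids and session tokens are hypothetical and constructed for illustration.

```javascript
// Added example: hypothetical handlers, not the Vitogate 300 firmware.
const ADMIN_MENU = '<nav id="admin-menu"><a href="/admin/config">Config</a></nav>';

// Constructed session store: token -> role.
const SESSIONS = new Map([["tok-admin", "admin"], ["tok-user", "user"]]);

function roleOf(req) {
  return SESSIONS.get(req.token) || null; // null = not authenticated
}

// Weak pattern (CWE-602): admin markup and the admin endpoint are served to
// everyone; only a login overlay in the page "protects" them.
function weakHandler(req) {
  if (req.path === "/") {
    return { status: 200, body: '<div id="login-overlay">Login</div>' +
      '<div hidden>' + ADMIN_MENU + '</div>' };
  }
  if (req.path === "/admin/config") return { status: 200, body: "config saved" };
  return { status: 404, body: "" };
}

// Hardened pattern: the server decides per request, from the session.
function hardenedHandler(req) {
  const role = roleOf(req);
  if (req.path === "/") {
    const menu = role === "admin" ? ADMIN_MENU : "";
    const login = role ? "" : '<form id="login"></form>';
    return { status: 200, body: login + menu };
  }
  if (req.path.startsWith("/admin/")) {
    if (!role) return { status: 401, body: "authentication required" };
    if (role !== "admin") return { status: 403, body: "forbidden" };
    return { status: 200, body: "config saved" };
  }
  return { status: 404, body: "" };
}

// Defender's check: does an unauthenticated client receive admin markup,
// or get a 2xx response from an admin route?
function auditUnauthenticated(handler) {
  const page = handler({ path: "/", token: undefined });
  const admin = handler({ path: "/admin/config", token: undefined });
  return {
    leaksAdminMarkup: page.body.includes('id="admin-menu"'),
    adminRouteOpen: admin.status >= 200 && admin.status < 300,
  };
}
```

The same two checks (no admin markup in unauthenticated responses, no 2xx from admin routes without a session) are what a regression test for a fix of this class would assert.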
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.