CVE-2025-10264CRITICAL 10.0EPSS p35.7%

CVE-2025-10264CVE-2025-10264

Description

Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configuration file and obtain plaintext credentials of the NVR and its connected cameras.

Scoring

CVSS 3.110.0 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS0.45% probability of exploitation · percentile 35.7% · 2026-06-21T12:00:28Z
Published2025-09-12
Last modified2026-04-15

Underlying weaknesses· 1

CWE-497

References

  1. https://www.twcert.org.tw/en/cp-139-10376-a057c-2.html
  2. https://www.twcert.org.tw/tw/cp-132-10375-19f1e-1.html

1

TypeTargetConfidenceTier
WeaknessExposure of Sensitive System Information to an Unauthorized Control Spherecwe-4970%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-10265
CVE
CVE-2025-6561
CVE
Digiever DS-2105 Pro Missing Authorization Vulnerability
CVE
CVE-2026-6824
CVE
CVE-2025-13607
CVE
CVE-2025-30026
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.