CVE-2025-45814 — CRITICAL (9.8)

Vulnerability Description

Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110 , v7.2.8.124852 , and v7.x and NS2000 v7.02.08 allows attackers to execute a session hijacking attack.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Novelsat	Ns3000 Firmware	7.2.8.124852
Novelsat	Ns3000	-
Novelsat	Ns2000 Firmware	7.02.08
Novelsat	Ns2000	-

Related Weaknesses (CWE)

CWE-306

References

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-4581ExploitThird Party Advisory
https://novelsat.com/Product

FAQ

What is CVE-2025-45814?

CVE-2025-45814 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110 , v7.2.8.124852 , and v7.x and NS2000 v7.02.08 allows attackers to execute a session hijacking attack.

How severe is CVE-2025-45814?

CVE-2025-45814 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-45814?

Check the references section above for vendor advisories and patch information. Affected products include: Novelsat Ns3000 Firmware, Novelsat Ns3000, Novelsat Ns2000 Firmware, Novelsat Ns2000.