CVE-2025-63560

7.5 HIGH

📋 TL;DR

A vulnerability in the KiloView Dual Channel 4k HDMI & 3G-SDI HEVC Video Encoder firmware (v.1.20.0006) allows an unauthenticated remote attacker to cause a denial of service through the device's systemctrl API. Any organization running these encoders on the affected firmware with the management interface reachable over the network is exposed: an attacker can disrupt video encoding without credentials.

💻 Affected Systems

Products:
  • KiloView Dual Channel 4k HDMI & 3G-SDI HEVC Video Encoder
Versions: Firmware v.1.20.0006
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with the vulnerable firmware version exposed to network access.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service disruption of video encoding functionality, requiring a physical reset or firmware reflash to restore functionality.

🟠 Likely Case: Temporary denial of service causing video stream interruption until the device is restarted.

🟢 If Mitigated: Minimal impact if the device is behind a firewall with restricted API access.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication via network API.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to disrupt video services.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept available in GitHub repository showing simple HTTP request to trigger DoS.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://kiloview.com

Restart Required: No

Instructions:

1. Check the KiloView website for firmware updates.
2. Download the latest firmware.
3. Upload it via the device web interface.
4. Apply the update and verify the reported version.

🔧 Temporary Workarounds

Network Segmentation

Restrict network access to the KiloView device's management interface. The encoder runs embedded firmware with no place to load these rules, so they belong on a Linux gateway or firewall in the path to the device (hence the FORWARD chain and the destination match); insert them ahead of any general ACCEPT rule, and repeat them for port 443 if the device also serves HTTPS.

iptables -A FORWARD -d device_ip -p tcp --dport 80 -s trusted_network -j ACCEPT
iptables -A FORWARD -d device_ip -p tcp --dport 80 -j DROP

API Access Control

Block requests that name the vulnerable systemctrl API endpoint. The string match is best-effort only: xt_string inspects each packet on its own, so a request split across TCP segments or sent over HTTPS is not caught, the match is case-sensitive unless --icase is given, and the rule also blocks legitimate administrative use of the endpoint. Treat it as defense in depth on top of the segmentation rules, not as a substitute for the firmware fix.

iptables -A FORWARD -d device_ip -p tcp --dport 80 -m string --string "systemctrl" --algo bm --icase -j DROP

🧯 If You Can't Patch

  • Isolate KiloView devices on separate VLAN with strict firewall rules
  • Implement network monitoring for suspicious API requests to systemctrl endpoint

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface at http://device-ip/status or via SSH if available

Check Version:

curl -s http://device-ip/status | grep -i version

Verify Fix Applied:

Verify that the reported firmware version is newer than v.1.20.0006, then confirm that an unauthenticated request to the systemctrl API is rejected and no longer disrupts the device (test against a non-production unit or during a maintenance window, since a still-vulnerable device will go down).
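The version check above is easy to get wrong when scripted, because the build segment is zero-padded (0006) and a plain string comparison orders "1.20.0006" before "1.9.0001". The following added example (written for this page, not KiloView's code) parses the version out of a saved /status response and compares it numerically against the affected release. The /status line format and the "version" keyword are assumptions about the page layout; the advisory lists no fixed version, so anything newer than 1.20.0006 is reported as "newer" and anything older as "older" rather than as safe.

```python
import re
from typing import Tuple

# Firmware version this advisory names as affected. Assumption: no fixed
# version is listed, so newer releases are reported as "newer", not "safe".
AFFECTED_VERSION = "1.20.0006"


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract the first dotted version in `text` ("v.1.20.0006",
    "Firmware Version: 1.20.0006", ...) and return it as a tuple of ints.

    Converting each segment to int is the point: the zero-padded build
    segment (0006) and the two-digit minor (20) compare wrongly as
    strings, e.g. "1.20.0006" < "1.9.0001" lexicographically.
    """
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if m is None:
        raise ValueError(f"no version string found in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def classify(version_text: str) -> str:
    """Return 'affected', 'newer' or 'older' relative to AFFECTED_VERSION.

    'older' is reported separately rather than as safe: the advisory only
    names 1.20.0006, so earlier firmware is untested, not cleared.
    """
    found = parse_version(version_text)
    affected = parse_version(AFFECTED_VERSION)
    if found == affected:
        return "affected"
    return "newer" if found > affected else "older"


def check_status_page(body: str) -> str:
    """Apply classify() to a saved /status response body.

    Stands in for `curl -s http://device-ip/status | grep -i version`.
    Assumption: the first line mentioning 'version' carries the firmware
    version; the real page format is not documented in the advisory.
    """
    for line in body.splitlines():
        if "version" in line.lower():
            return classify(line)
    raise ValueError("no version line found in status page")


if __name__ == "__main__":
    # Constructed sample body; the real /status output may differ.
    SAMPLE_STATUS = (
        "Device: KiloView HEVC Encoder\n"
        "Firmware Version: v.1.20.0006\n"
        "Uptime: 3d\n"
    )
    print(check_status_page(SAMPLE_STATUS))  # affected
```

Feed it the body saved from the curl command (`curl -s http://device-ip/status > status.txt`) and call `check_status_page(open("status.txt").read())`; an "affected" result means the device is still on the advisory's firmware.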

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /systemctrl endpoint
  • Device reboot logs without user action
  • System factory reset events

Network Indicators:

  • HTTP POST requests to device IP on port 80 with systemctrl in payload
  • Increased error responses from device

SIEM Query:

source="kiloview_logs" AND (uri_path="*systemctrl*" OR message="*factory reset*" OR message="*system reboot*")

The field names are placeholders for whatever your collector assigns, and the matches are substrings because the exact event text is not documented; tighten them once you have seen real events from the device.
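The indicators above are easiest to check on HTTP logs from a reverse proxy or firewall sitting in front of the encoder. The following added example (written for this page, not part of the original advisory or KiloView's tooling) runs that logic over constructed combined-format access-log lines: it flags every request that names the systemctrl endpoint from outside an assumed trusted admin network, and separately flags a burst of systemctrl requests from any single source, which is what a DoS attempt against the API looks like before the device starts returning errors. The trusted network, the log format and the thresholds are all assumptions to adjust for your environment.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional

# Assumption: admin network from which systemctrl requests are expected.
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("10.0.50.0/24")]

# Combined access-log format as written by a reverse proxy or monitoring
# tap in front of the device (assumption: the encoder's own log format is
# not documented in the advisory).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line: str) -> Optional[Dict]:
    """Parse one combined-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def is_trusted(src: str) -> bool:
    """True if `src` parses as an address inside a trusted admin network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_ADMIN_NETS)


def find_alerts(lines: List[str], burst_threshold: int = 5,
                window_seconds: int = 60) -> List[Dict]:
    """Flag systemctrl requests from untrusted sources, plus bursts of
    systemctrl requests from any one source inside a sliding window."""
    alerts: List[Dict] = []
    hits: Dict[str, List[datetime]] = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or "systemctrl" not in rec["path"].lower():
            continue
        src = rec["src"]
        if not is_trusted(src):
            alerts.append({"type": "untrusted_systemctrl", "src": src,
                           "method": rec["method"], "path": rec["path"],
                           "status": rec["status"],
                           "ts": rec["ts"].isoformat()})
        # Keep only hits inside the window, then fire once as the
        # threshold is crossed (not again for every later hit).
        hits[src] = [t for t in hits[src] + [rec["ts"]]
                     if (rec["ts"] - t).total_seconds() <= window_seconds]
        if len(hits[src]) == burst_threshold:
            alerts.append({"type": "systemctrl_burst", "src": src,
                           "count": len(hits[src]),
                           "window_seconds": window_seconds})
    return alerts


# Constructed sample log: one legitimate admin call, then six rapid
# systemctrl requests from an outside address (the last four drawing
# 500s as the device falls over), plus unrelated and malformed lines.
SAMPLE_LOG = """\
10.0.50.12 - - [10/Mar/2025:12:00:01 +0000] "GET /status HTTP/1.1" 200 512
10.0.50.12 - - [10/Mar/2025:12:00:05 +0000] "POST /systemctrl HTTP/1.1" 200 64
203.0.113.7 - - [10/Mar/2025:12:01:00 +0000] "POST /systemctrl HTTP/1.1" 200 64
203.0.113.7 - - [10/Mar/2025:12:01:02 +0000] "POST /systemctrl HTTP/1.1" 200 64
203.0.113.7 - - [10/Mar/2025:12:01:04 +0000] "POST /systemctrl HTTP/1.1" 500 0
203.0.113.7 - - [10/Mar/2025:12:01:06 +0000] "POST /systemctrl HTTP/1.1" 500 0
203.0.113.7 - - [10/Mar/2025:12:01:08 +0000] "POST /systemctrl HTTP/1.1" 500 0
203.0.113.7 - - [10/Mar/2025:12:01:10 +0000] "POST /systemctrl HTTP/1.1" 500 0
198.51.100.9 - - [10/Mar/2025:12:02:00 +0000] "GET /index.html HTTP/1.1" 200 2048
this line is not an access-log entry
"""


def run_sample() -> List[Dict]:
    """Run the detector over the constructed sample log."""
    return find_alerts(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

On the sample this yields six untrusted_systemctrl alerts and one systemctrl_burst alert for 203.0.113.7 at the fifth request; the admin's own systemctrl call from 10.0.50.12 is not flagged. Pipe real proxy logs into `find_alerts` or port the two conditions to your SIEM's rule language once the field names are known.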
