PatchSiren

Viessmann CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Viessmann CVE published 2025-09-23

CVE-2025-9495

CVE-2025-9495 affects Viessmann Vitogate 300. CISA describes a weakness where the server relies on client-side protection mechanisms; an attacker can modify client behavior to bypass those protections and trigger unintended client-server interactions. Viessmann’s remediation guidance says the issue is resolved in software version 3.1.0.1 or newer.

CRITICAL Viessmann CVE published 2024-09-10

CVE-2023-5222

A critical vulnerability in Viessmann Vitogate 300 versions 2.1.3.0 and prior exposes affected devices to complete compromise via hard-coded credentials in the web management interface. The flaw resides in the `isValidUser` function within `/cgi-bin/vitogate.cgi` and allows unauthenticated network attackers to gain administrative access. With a CVSS 3.1 score of 9.8, this vulne [truncated]