CVE-2019-25244

MEDIUM

Legrand BTicino Driver Manager F454 1.0.51 - CSRF, XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25244. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Legrand BTicino Driver Manager F454 1.0.51, allowing password changes via crafted HTTP requests, and a stored XSS vulnerability triggered via the 'server' GET parameter.

Description

Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulnerabilities that allow attackers to perform administrative actions without proper request validation. Attackers can exploit cross-site request forgery to change passwords and inject stored cross-site scripting payloads through unvalidated GET parameters.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappsphp

https://www.exploit-db.com/exploits/46850

View Code ZIP pw:eip

This exploit demonstrates a CSRF vulnerability in Legrand BTicino Driver Manager F454 1.0.51, allowing password changes via crafted HTTP requests, and a stored XSS vulnerability triggered via the 'server' GET parameter.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Legrand BTicino Driver Manager F454 1.0.51

Auth required

Prerequisites: Victim must be authenticated and visit a malicious webpage

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources product

https://www.bticino.com

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/46850

Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5521.php

Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5522.php

Scores

CVSS v3 5.3

EPSS 0.0022

EPSS Percentile 11.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

BTicino S.p.A./Legrand BTicino Driver Manager F454 1.0.51

BTicino S.p.A./Legrand BTicino Driver Manager F454 1.1.14

Published Dec 24, 2025

Tracked Since Feb 18, 2026