CVE-2019-25252

MEDIUM

Teradek VidiU Pro 3.0.3 - CSRF

Title source: llm

Description

Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in administrator visits the page.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · htmlwebappshardware

https://www.exploit-db.com/exploits/44671

View Code ZIP pw:eip

References (3)

[Exploit] https://www.exploit-db.com/exploits/44671

[Product] https://www.teradek.com

[Exploit, Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5460.php

Scores

CVSS v3 4.3

EPSS 0.0001

EPSS Percentile 0.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Classification

CWE

CWE-352

Status published

Affected Products (9)

teradek/vidiu_pro_firmware

teradek/vidiu_pro_firmware

teradek/vidiu_pro_firmware

teradek/vidiu_firmware

teradek/vidiu_firmware

teradek/vidiu_firmware

teradek/vidiu_mini_firmware

teradek/vidiu_mini_firmware

teradek/vidiu_mini_firmware

Timeline

Published Dec 24, 2025

Tracked Since Feb 18, 2026