CVE-2019-25254

HIGH

KYOCERA Net Admin 3.4.0906 - CSRF

Title source: llm

Description

KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin accounts with predefined credentials when a logged-in user visits the page.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappslinux

https://www.exploit-db.com/exploits/44431

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/44431

Product product

https://global.kyocera.com

Exploit, Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5458.php

Scores

CVSS v3 8.8

EPSS 0.0002

EPSS Percentile 4.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (2)

kyocera/net_admin 3.4.0906

KYOCERA Corporation/KYOCERA Net Admin 3.4.0906

Published Dec 24, 2025

Tracked Since Feb 18, 2026