CVE-2019-25254

HIGH

KYOCERA Net Admin 3.4.0906 - CSRF

Title source: llm

Description

KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin accounts with predefined credentials when a logged-in user visits the page.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappslinux

https://www.exploit-db.com/exploits/44431

View Code ZIP pw:eip

References (3)

[Product] https://global.kyocera.com

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/44431

[Exploit, Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5458.php

Scores

CVSS v3 8.8

EPSS 0.0001

EPSS Percentile 1.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-352

Status published

Affected Products (1)

kyocera/net_admin

Timeline

Published Dec 24, 2025

Tracked Since Feb 18, 2026