CVE-2019-25254

HIGH

KYOCERA Net Admin 3.4.0906 - Cross-Site Request Forgery via Administrative User Creation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25254. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in KYOCERA Net Admin 3.4.0906, allowing an attacker to add an administrator account via a malicious webpage. The PoC submits a crafted form to the target application without requiring user interaction beyond visiting the page.

Description

KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin accounts with predefined credentials when a logged-in user visits the page.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappslinux

https://www.exploit-db.com/exploits/44431

View Code ZIP pw:eip

This exploit demonstrates a CSRF vulnerability in KYOCERA Net Admin 3.4.0906, allowing an attacker to add an administrator account via a malicious webpage. The PoC submits a crafted form to the target application without requiring user interaction beyond visiting the page.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: KYOCERA Net Admin 3.4.0906

No auth needed

Prerequisites: Victim must be authenticated in the KYOCERA Net Admin session · Attacker must trick victim into visiting the malicious webpage

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/44431

Product product

https://global.kyocera.com

Exploit, Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5458.php

Scores

CVSS v3 8.8

EPSS 0.0027

EPSS Percentile 17.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (2)

kyocera/net_admin 3.4.0906

KYOCERA Corporation/KYOCERA Net Admin 3.4.0906

Published Dec 24, 2025

Tracked Since Feb 18, 2026