CVE-2019-25259

EIP tracks 1 public exploit for CVE-2019-25259. PoCs published by LiquidWorm.

AI-analyzed exploit summary This HTML file demonstrates a Cross-Site Request Forgery (CSRF) vulnerability in Leica Geosystems GR10/GR25/GR30/GR50 GNSS devices. It submits a POST request to change user credentials without requiring valid authenticity tokens.

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized actions by crafting malicious web pages that submit requests to the application.