fkie_cve-2025-63952
Vulnerability from fkie_nvd
Published
2025-11-24 17:16
Modified
2025-12-30 18:13
Severity ?
Summary
A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/iyadalkhatib98/My_CVES/tree/main/CVE-2025-63952 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.magewell.com | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:magewell:pro_convert_hdmi_4k_plus_firmware:1.2.213:*:*:*:*:*:*:*",
"matchCriteriaId": "F79FF420-5C76-4415-A328-14F36A3F0580",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:magewell:pro_convert_hdmi_4k_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB1A789-DE46-4A78-847E-B057F1C19BFC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:magewell:pro_convert_hdmi_plus_firmware:1.2.213:*:*:*:*:*:*:*",
"matchCriteriaId": "0A482F2C-BA10-486C-B269-C54B7E40A812",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:magewell:pro_convert_hdmi_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F28BCEE-DFCA-4DA3-B230-159FF9B2E322",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:magewell:pro_convert_hdmi_tx_firmware:1.2.213:*:*:*:*:*:*:*",
"matchCriteriaId": "AF735287-5754-463D-93DF-2CB50471369E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:magewell:pro_convert_hdmi_tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D4371C-A483-4CBD-97F6-7D2A39D6D5E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:magewell:pro_convert_12g_sdi_4k_plus_firmware:1.2.213:*:*:*:*:*:*:*",
"matchCriteriaId": "F8942E00-D02E-4C6C-BB26-3023D465DDB2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:magewell:pro_convert_12g_sdi_4k_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E95CD31-4ADF-4C08-B19C-6B7117518DB0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:magewell:pro_convert_sdi_4k_plus_firmware:1.2.213:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CA819A-C9B9-4669-9EC6-73FC73C6EAAC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:magewell:pro_convert_sdi_4k_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7133B02-9693-45A4-89ED-C50D8F35109A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:magewell:pro_convert_sdi_plus_firmware:1.2.213:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB96455-7250-4B55-A0B8-1D58E9272DB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:magewell:pro_convert_sdi_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2732B092-46DA-4B25-88BA-7B477C2AE68E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:magewell:pro_convert_sdi_tx_firmware:1.2.213:*:*:*:*:*:*:*",
"matchCriteriaId": "75D0133C-74C7-49DA-AE0F-15340CADA7EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:magewell:pro_convert_sdi_tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "732B335F-7445-4DA0-9166-25EC0E5DF4D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:magewell:pro_convert_for_ndi_to_hdmi_firmware:1.2.213:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB7B1AD-2166-45BA-8B58-98F0505E0BB2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:magewell:pro_convert_for_ndi_to_hdmi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F6715AC-5191-44DF-BE9C-B043187B4769",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:magewell:pro_convert_for_ndi_to_hdmi_4k_firmware:1.2.213:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E88CDE-75A2-41CB-9EBC-E5467DAD4C07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:magewell:pro_convert_for_ndi_to_hdmi_4k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "654FDC5B-8831-4492-A6F8-6673AD213022",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:magewell:pro_convert_for_ndi_to_aio_firmware:1.2.213:*:*:*:*:*:*:*",
"matchCriteriaId": "1B125F89-30E1-4B0D-9E4B-B64EEC58B07F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:magewell:pro_convert_for_ndi_to_aio:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5857C002-7E61-461E-AF3A-FB4B2BFA0324",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:magewell:pro_convert_for_ndi_to_sdi_firmware:1.2.213:*:*:*:*:*:*:*",
"matchCriteriaId": "1C478BE2-8A25-411B-9A36-5A9098509C56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:magewell:pro_convert_for_ndi_to_sdi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1209578-D1FB-49DA-A03F-2A4BB864770B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:magewell:pro_convert_aes67_firmware:1.2.213:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0775F1-B84A-4E87-900A-2EC84696C08C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:magewell:pro_convert_aes67:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31D3C847-4B08-4599-AAE6-3724B8BA62FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:magewell:pro_convert_audio_dx_firmware:1.2.213:*:*:*:*:*:*:*",
"matchCriteriaId": "35B4E5AE-C9CA-4A04-9791-06289AE86993",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:magewell:pro_convert_audio_dx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33B16C1E-9227-4883-9A02-E7C15A881B4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request."
}
],
"id": "CVE-2025-63952",
"lastModified": "2025-12-30T18:13:43.463",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-11-24T17:16:08.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/iyadalkhatib98/My_CVES/tree/main/CVE-2025-63952"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.magewell.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…