fkie_cve-2025-63953
Vulnerability from fkie_nvd
Published
2025-11-24 17:16
Modified
2025-12-30 17:58
Severity
6.5 (Medium) — CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
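A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.
Note: the description names Magewell Pro Convert v1.2.213, while the impacted-products list and CPE configuration in this record cover Magewell Ultra Encode firmware 2.3.206. Verify the affected product and version against the referenced advisory before scoping exposure. The CVSS vector requires user interaction (UI:R), so the request has to be issued by an authenticated user's browser. Reviewing the device's user list for unexpected accounts and restricting access to the management interface are reasonable interim checks.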
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://github.com/iyadalkhatib98/My_CVES/tree/main/CVE-2025-63953 | Exploit, Third Party Advisory, Mitigation |
| cve@mitre.org | https://www.magewell.com | Product |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| magewell | ultra_encode_hdmi_firmware | 2.3.206 |
| magewell | ultra_encode_hdmi | - |
| magewell | ultra_encode_sdi_firmware | 2.3.206 |
| magewell | ultra_encode_sdi | - |
| magewell | ultra_encode_hdmi_plus_firmware | 2.3.206 |
| magewell | ultra_encode_hdmi_plus | - |
| magewell | ultra_encode_sdi_plus_firmware | 2.3.206 |
| magewell | ultra_encode_sdi_plus | - |
| magewell | ultra_encode_aio_firmware | 2.3.206 |
| magewell | ultra_encode_aio | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:magewell:ultra_encode_hdmi_firmware:2.3.206:*:*:*:*:*:*:*",
"matchCriteriaId": "9EBB246F-AE8D-480A-AE2C-E7D093A30195",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:magewell:ultra_encode_hdmi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CC31127-AB61-4754-880C-99E5B7C3452C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:magewell:ultra_encode_sdi_firmware:2.3.206:*:*:*:*:*:*:*",
"matchCriteriaId": "05F10943-501A-43A6-A45D-6DC7D490706C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:magewell:ultra_encode_sdi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C99D9AB-1101-4146-A36A-91639736DE79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:magewell:ultra_encode_hdmi_plus_firmware:2.3.206:*:*:*:*:*:*:*",
"matchCriteriaId": "E4EB611F-B561-4904-9E24-FF69D4063156",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:magewell:ultra_encode_hdmi_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8EB5460-3EC5-4A68-8EBE-AA7181778587",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:magewell:ultra_encode_sdi_plus_firmware:2.3.206:*:*:*:*:*:*:*",
"matchCriteriaId": "E765AED8-6C62-4380-BA4C-1399668373F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:magewell:ultra_encode_sdi_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "921BD6B9-7983-47A0-9345-7157ED9C6FA6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:magewell:ultra_encode_aio_firmware:2.3.206:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D501AB-2A8E-4554-8F44-BC1EFCFD7A2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:magewell:ultra_encode_aio:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB453C74-42EA-4096-A03A-44391D71D333",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request."
}
],
"id": "CVE-2025-63953",
"lastModified": "2025-12-30T17:58:54.510",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-11-24T17:16:08.760",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"Mitigation"
],
"url": "https://github.com/iyadalkhatib98/My_CVES/tree/main/CVE-2025-63953"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.magewell.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.