CVE-2019-25252

Published: Dec 24, 2025Modified: Jan 26, 2026

5.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in administrator visits the page.

Affected (9)

Products: Teradek: Vidiu Pro Firmware, Vidiu Firmware, Vidiu Mini Firmware

3 products

Vidiu Pro Firmware

Vidiu Mini Firmware

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teradek Vidiu Pro Firmware	Version 2.4.10
Teradek Vidiu Pro Firmware	Version 3.0.2 build31225
Teradek Vidiu Pro Firmware	Version 3.0.3 build32136

Running on/with	Platform Versions
Teradek Vidiu Pro	All versions

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teradek Vidiu Firmware	Version 2.4.10
Teradek Vidiu Firmware	Version 3.0.2 build31225
Teradek Vidiu Firmware	Version 3.0.3 build32136

Running on/with	Platform Versions
Teradek Vidiu	All versions

Configuration C

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teradek Vidiu Mini Firmware	Version 2.4.10
Teradek Vidiu Mini Firmware	Version 3.0.2 build31225
Teradek Vidiu Mini Firmware	Version 3.0.3 build32136

Running on/with	Platform Versions
Teradek Vidiu Mini	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://www.exploit-db.com/exploits/44671

Source: disclosure@vulncheck.com

Exploit

https://www.teradek.com

Source: disclosure@vulncheck.com

Product

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5460.php

Source: disclosure@vulncheck.com

ExploitThird Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5460.php

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.