← Back

CVE-2025-63952

nvd nist
Published: Nov 24, 2025Modified: Dec 30, 2025

JSON object

Loading...
5.7
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.1 / Impact: 3.6
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.

Affected (13)

Magewell
13 products
Pro Convert Hdmi 4k Plus Firmware
Pro Convert Hdmi Plus Firmware
Pro Convert Hdmi Tx Firmware
Pro Convert 12g Sdi 4k Plus Firmware
Pro Convert Sdi 4k Plus Firmware
Pro Convert Sdi Plus Firmware
Pro Convert Sdi Tx Firmware
Pro Convert For Ndi To Hdmi Firmware
Pro Convert For Ndi To Hdmi 4k Firmware
Pro Convert For Ndi To Aio Firmware
Pro Convert For Ndi To Sdi Firmware
Pro Convert Aes67 Firmware
Pro Convert Audio Dx Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pro Convert Hdmi 4k Plus Firmware
Version 1.2.213
Running on/withPlatform Versions
Magewell
Pro Convert Hdmi 4k Plus
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pro Convert Hdmi Plus Firmware
Version 1.2.213
Running on/withPlatform Versions
Magewell
Pro Convert Hdmi Plus
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pro Convert Hdmi Tx Firmware
Version 1.2.213
Running on/withPlatform Versions
Magewell
Pro Convert Hdmi Tx
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pro Convert 12g Sdi 4k Plus Firmware
Version 1.2.213
Running on/withPlatform Versions
Magewell
Pro Convert 12g Sdi 4k Plus
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pro Convert Sdi 4k Plus Firmware
Version 1.2.213
Running on/withPlatform Versions
Magewell
Pro Convert Sdi 4k Plus
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pro Convert Sdi Plus Firmware
Version 1.2.213
Running on/withPlatform Versions
Magewell
Pro Convert Sdi Plus
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pro Convert Sdi Tx Firmware
Version 1.2.213
Running on/withPlatform Versions
Magewell
Pro Convert Sdi Tx
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pro Convert For Ndi To Hdmi Firmware
Version 1.2.213
Running on/withPlatform Versions
Magewell
Pro Convert For Ndi To Hdmi
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pro Convert For Ndi To Hdmi 4k Firmware
Version 1.2.213
Running on/withPlatform Versions
Magewell
Pro Convert For Ndi To Hdmi 4k
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pro Convert For Ndi To Aio Firmware
Version 1.2.213
Running on/withPlatform Versions
Magewell
Pro Convert For Ndi To Aio
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pro Convert For Ndi To Sdi Firmware
Version 1.2.213
Running on/withPlatform Versions
Magewell
Pro Convert For Ndi To Sdi
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pro Convert Aes67 Firmware
Version 1.2.213
Running on/withPlatform Versions
Magewell
Pro Convert Aes67
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pro Convert Audio Dx Firmware
Version 1.2.213
Running on/withPlatform Versions
Magewell
Pro Convert Audio Dx
All versions

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
Vendor Advisory

Timeline

No history available yet.