6.9
CVE-2019-25251
- EPSS 0.02%
- Published 24.12.2025 19:28:03
- Last modified 26.01.2026 16:15:54
- Source disclosure@vulncheck.com
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xml_url'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP requests to arbitrary destinations.
Data provided by the National Vulnerability Database (NVD)
Teradek ≫ Vidiu Pro Firmware Version 2.4.10
Teradek ≫ Vidiu Pro Firmware Version 3.0.2 Update build31225
Teradek ≫ Vidiu Pro Firmware Version 3.0.3 Update build32136
Teradek ≫ Vidiu Firmware Version 2.4.10
Teradek ≫ Vidiu Firmware Version 3.0.2 Update build31225
Teradek ≫ Vidiu Firmware Version 3.0.3 Update build32136
Teradek ≫ Vidiu Mini Firmware Version 2.4.10
Teradek ≫ Vidiu Mini Firmware Version 3.0.2 Update build31225
Teradek ≫ Vidiu Mini Firmware Version 3.0.3 Update build32136
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.031 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 6.5 | 3.9 | 2.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| disclosure@vulncheck.com | 6.9 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd@nist.gov | 6.5 | 3.9 | 2.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.