KYOCERA Net Admin 3.4.0906 contains a cross-site request... · CVE-2019-25254 · GitHub Advisory Database · GitHub

KYOCERA Net Admin 3.4.0906 contains a cross-site request...

Moderate severity Unreviewed Published Dec 24, 2025 to the GitHub Advisory Database • Updated Dec 24, 2025

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin accounts with predefined credentials when a logged-in user visits the page.

References

Published by the National Vulnerability Database

Dec 24, 2025

Published to the GitHub Advisory Database Dec 24, 2025

Last updated Dec 24, 2025

Severity

Moderate

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Network

Attack Complexity Low

Attack Requirements None

Privileges Required None

User interaction Active

Vulnerable System Impact Metrics

Confidentiality None

Integrity Low

Availability None

Subsequent System Impact Metrics

Confidentiality None

Integrity None

Availability None

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X