FKIE_CVE-2019-25251
Vulnerability from fkie_nvd - Published: 2025-12-24 20:15 - Updated: 2026-01-26 16:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xml_url'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP requests to arbitrary destinations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| teradek | vidiu_pro_firmware | 2.4.10 | |
| teradek | vidiu_pro_firmware | 3.0.2 | |
| teradek | vidiu_pro_firmware | 3.0.3 | |
| teradek | vidiu_pro | - | |
| teradek | vidiu_firmware | 2.4.10 | |
| teradek | vidiu_firmware | 3.0.2 | |
| teradek | vidiu_firmware | 3.0.3 | |
| teradek | vidiu | - | |
| teradek | vidiu_mini_firmware | 2.4.10 | |
| teradek | vidiu_mini_firmware | 3.0.2 | |
| teradek | vidiu_mini_firmware | 3.0.3 | |
| teradek | vidiu_mini | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:teradek:vidiu_pro_firmware:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AB502907-F471-4CD6-96DB-482B8E0E1D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:teradek:vidiu_pro_firmware:3.0.2:build31225:*:*:*:*:*:*",
"matchCriteriaId": "3E2233DB-2467-4595-B0C5-AD15019F0EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:teradek:vidiu_pro_firmware:3.0.3:build32136:*:*:*:*:*:*",
"matchCriteriaId": "ADC66DD8-EA14-47C0-8C31-C1B472FB7CC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:teradek:vidiu_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58CE55D2-C40E-4D63-ACA4-CCC076ACF6BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:teradek:vidiu_firmware:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF9D82E-74EA-4BC6-8BA2-13421428591A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:teradek:vidiu_firmware:3.0.2:build31225:*:*:*:*:*:*",
"matchCriteriaId": "20A7FFB3-8409-47F4-B4CC-1E2E61DB06F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:teradek:vidiu_firmware:3.0.3:build32136:*:*:*:*:*:*",
"matchCriteriaId": "287269D2-ECA3-49B5-AA3D-0BE655AC50CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:teradek:vidiu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6A98F2-4C8D-4E91-9E8C-8503F8ABEEBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:teradek:vidiu_mini_firmware:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6A6176D1-8E72-4146-8C8D-758EB9D17DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:teradek:vidiu_mini_firmware:3.0.2:build31225:*:*:*:*:*:*",
"matchCriteriaId": "542AECA0-5850-449F-90DC-2CE286C1B9CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:teradek:vidiu_mini_firmware:3.0.3:build32136:*:*:*:*:*:*",
"matchCriteriaId": "318A8078-6BA8-4CB3-BF9A-3EA28C5FD690",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:teradek:vidiu_mini:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D11D449-7AD2-419F-A514-004979C34C73",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters \u0027url\u0027 and \u0027xml_url\u0027. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP requests to arbitrary destinations."
}
],
"id": "CVE-2019-25251",
"lastModified": "2026-01-26T16:15:54.130",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "disclosure@vulncheck.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
]
},
"published": "2025-12-24T20:15:53.553",
"references": [
{
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/44672"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Product"
],
"url": "https://www.teradek.com"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5461.php"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/44672"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5461.php"
}
],
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…