CVE-2019-25251
MEDIUMDescription
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xml_url'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP requests to arbitrary destinations.
Is your site exposed to CVE-2019-25251?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| teradek | vidiu_pro_firmware |
| teradek | vidiu_pro_firmware |
| teradek | vidiu_pro_firmware |
| teradek | vidiu_pro |
| teradek | vidiu_firmware |
| teradek | vidiu_firmware |
| teradek | vidiu_firmware |
| teradek | vidiu |
| teradek | vidiu_mini_firmware |
| teradek | vidiu_mini_firmware |
| teradek | vidiu_mini_firmware |
| teradek | vidiu_mini |
References
Frequently Asked Questions
What is CVE-2019-25251? +
How severe is CVE-2019-25251? +
What products are affected by CVE-2019-25251? +
How do I check if I'm vulnerable to CVE-2019-25251? +
Related Vulnerabilities
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) …
pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable …
FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows attackers …
Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSRF vulnerability …
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via work_flow_template Import. Authenticated users can supply arbitrary …
Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.x branch through …