Platform: other
Component: facesentry-access-control-system
Fixed in: 6.4.9, 5.7.3, 5.7.1
CVE-2019-25242 describes a cross-site request forgery (XSRF) vulnerability present in FaceSentry Access Control System versions up to 6.4.8. This flaw allows attackers to trick authenticated administrators into unknowingly executing malicious actions, potentially granting unauthorized access and control. The vulnerability was published on December 24, 2025, and a patch is available in version 6.4.9.
The primary impact of this XSRF vulnerability lies in the ability of an attacker to impersonate an authenticated administrator. By crafting malicious web pages, an attacker can induce a legitimate administrator to unknowingly execute commands that would otherwise require their explicit consent. This could include actions such as changing administrator passwords, adding new administrator accounts, or even opening access control doors, effectively bypassing security measures. The blast radius extends to the entire access control system, potentially compromising physical security and enabling unauthorized entry.
Public information regarding active exploitation of CVE-2019-25242 is currently limited. The vulnerability was published on December 24, 2025. It is not listed on the CISA KEV catalog at the time of writing. While no public proof-of-concept (PoC) code has been widely disseminated, the inherent nature of XSRF vulnerabilities makes it likely that an exploit could be developed relatively easily.
Organizations utilizing FaceSentry Access Control System in environments where administrators routinely access the system through web browsers are at risk. This includes deployments with shared hosting environments or legacy configurations where security best practices may not be fully implemented.
Disclosure
Exploit status
EPSS: 0.03% (8th percentile)
CISA SSVC
CVSS vector
The recommended mitigation for CVE-2019-25242 is to immediately upgrade FaceSentry Access Control System to version 6.4.9 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as requiring multi-factor authentication (MFA) for all administrative actions. Implementing strict input validation and output encoding can also help reduce the risk of XSRF attacks. Regularly review access control logs for any suspicious activity.
Update FaceSentry Access Control System to a version newer than 6.4.8, 5.7.2 and 5.7.0. As a temporary measure, disable remote access to the web interface or implement CSRF protections.
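The "CSRF protections" mentioned above are, concretely, checks that a state-changing request to the admin interface came from the interface's own pages rather than from a page the administrator was lured to. The following is an added illustration, not FaceSentry's code and not tied to its API: a hypothetical "add administrator" endpoint guarded by an Origin/Referer check plus a per-session synchronizer token, replayed against a constructed legitimate request and a constructed cross-site one. The origin `https://facesentry-admin.example` and the handler names are assumptions made for the example.

```python
"""Constructed example of server-side CSRF defences for an admin web interface."""
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed value for the example: the origin the admin UI is served from (scheme + host [+ port]).
ALLOWED_ORIGIN = "https://facesentry-admin.example"
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def same_origin(url: str) -> bool:
    """True if url's scheme://netloc matches the admin UI's own origin."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN


def issue_csrf_token(session: dict) -> str:
    """Mint a per-session synchronizer token; the server keeps a copy in the session."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def is_csrf_safe(method: str, headers: dict, form: dict, session: dict) -> bool:
    """Accept a state-changing request only if it proves it came from our own pages."""
    if method.upper() not in STATE_CHANGING:
        return True  # only holds if GET/HEAD handlers really have no side effects
    # Check 1: browsers attach Origin (or Referer) to cross-site form posts, and a
    # third-party page cannot forge it. Missing both is treated as cross-site.
    source = headers.get("Origin") or headers.get("Referer")
    if not source or not same_origin(source):
        return False
    # Check 2: synchronizer token. A page on another site cannot read the victim's
    # token, so a forged form cannot carry the right value.
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token")
    if not expected or not supplied:
        return False
    return hmac.compare_digest(expected, supplied)


def add_admin(method: str, headers: dict, form: dict, session: dict, admins: set) -> str:
    """Hypothetical 'add administrator' endpoint guarded by is_csrf_safe."""
    if not session.get("authenticated"):
        return "401 not logged in"
    if not is_csrf_safe(method, headers, form, session):
        return "403 csrf check failed"
    admins.add(form["username"])
    return "200 added"


def demo() -> tuple:
    """Replay a legitimate admin action and a forged cross-site one (constructed requests)."""
    session = {"authenticated": True}  # the administrator is already logged in
    admins = {"admin"}
    token = issue_csrf_token(session)
    # Legitimate: submitted from the admin UI, carrying the session's token.
    legit = add_admin("POST", {"Origin": ALLOWED_ORIGIN},
                      {"username": "ops", "csrf_token": token}, session, admins)
    # Forged: auto-submitted from another site; the session cookie rides along,
    # the token does not, and the Origin header names the other site.
    forged = add_admin("POST", {"Origin": "https://attacker.example"},
                       {"username": "backdoor"}, session, admins)
    return legit, forged, sorted(admins)


if __name__ == "__main__":
    print(demo())
```

Either check alone blocks the forged request; using both means a stripped Referer or a token-handling bug does not silently reopen the hole. Marking the session cookie `SameSite=Lax` or `Strict` is a third, complementary layer that keeps the cookie off cross-site POSTs in the first place.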
CVE-2019-25242 is a cross-site request forgery vulnerability affecting FaceSentry Access Control System versions up to 6.4.8, allowing attackers to perform administrative actions without consent.
You are affected if you are using FaceSentry Access Control System version 6.4.8 or earlier. Upgrade to 6.4.9 to mitigate the risk.
Upgrade FaceSentry Access Control System to version 6.4.9 or later. As a temporary workaround, implement multi-factor authentication for administrative actions.
While no active exploitation has been widely reported, the vulnerability's nature makes it susceptible to exploitation. Monitor access logs for suspicious activity.
Refer to the FaceSentry official website or security advisory channels for the latest information and updates regarding CVE-2019-25242.