Platform: other
Component: kyocera-net-admin
CVE-2019-25254 describes a cross-site request forgery (CSRF) vulnerability present in KYOCERA Net Admin version 3.4.0906. This flaw allows attackers to create new administrative users without proper request validation, potentially granting them unauthorized access to the system. The vulnerability impacts version 3.4.0906 and requires immediate attention to prevent malicious account creation. A fix is not currently available.
The primary impact of CVE-2019-25254 is the ability for an attacker to create new administrative accounts on a vulnerable KYOCERA Net Admin system. This can be achieved by crafting malicious web pages that automatically submit forms with predefined credentials when a legitimate, logged-in user visits the page. Successful exploitation grants the attacker the same privileges as the newly created administrator, enabling them to modify configurations, access sensitive data, and potentially compromise the entire network. The blast radius extends to any data or systems accessible through the KYOCERA Net Admin interface.
CVE-2019-25254 was published on December 24, 2025. There are currently no publicly known proof-of-concept exploits. The vulnerability's severity is rated HIGH (CVSS 8.8), indicating a significant risk. It is not currently listed in the CISA KEV catalog. Active exploitation is not confirmed at this time.
Organizations utilizing KYOCERA Net Admin version 3.4.0906, particularly those with limited network segmentation or weak access controls, are at significant risk. Shared hosting environments where multiple users share the same KYOCERA Net Admin instance are also particularly vulnerable.
Disclosure
Exploit status
EPSS: 0.01% (2nd percentile)
CISA SSVC
CVSS vector
Due to the lack of a direct patch for KYOCERA Net Admin 3.4.0906, mitigation strategies focus on reducing the attack surface and preventing exploitation. Implement strict input validation on all administrative forms to prevent malicious data from being submitted. Consider using a Web Application Firewall (WAF) with CSRF protection rules to filter out malicious requests. Restrict access to the KYOCERA Net Admin interface to trusted networks and users. Regularly review user accounts and permissions to identify and remove any unauthorized accounts. Since a direct upgrade is unavailable, consider migrating to a newer, supported version of KYOCERA Net Admin if feasible.
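To make the CSRF mitigation concrete, here is an added example of the server-side checks that a web admin interface should apply before a state-changing request such as "create administrative user" is honoured. It is illustrative code written for this page, not KYOCERA Net Admin's implementation: the Request and Session structures, the /admin/users/create route and the trusted origin are assumptions. The handler rejects requests whose Origin/Referer is not the admin console's own origin, rejects requests that lack the per-session synchronizer token, and records every rejection so that forged attempts show up in review.

```python
"""Server-side CSRF check for a state-changing admin endpoint.

Hypothetical example: the Request/Session structures, the
/admin/users/create route and TRUSTED_ORIGINS are assumptions made for
this illustration, not KYOCERA Net Admin code.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed value: the only origin allowed to submit admin forms.
TRUSTED_ORIGINS = {"https://netadmin.example.internal"}


@dataclass
class Session:
    """Hypothetical server-side session; the token is bound to it."""
    user: str
    is_admin: bool
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Hypothetical minimal HTTP request as seen by the handler."""
    method: str
    path: str
    headers: dict
    form: dict


def issue_token(session: Session) -> str:
    """Return the per-session synchronizer token to embed in admin forms."""
    return session.csrf_token


def origin_is_trusted(headers: dict) -> bool:
    """Check Origin (or Referer as a fallback) against the trusted set.

    Browsers attach Origin to cross-origin POSTs; a request carrying neither
    header is treated as untrusted because its source cannot be established.
    """
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin in TRUSTED_ORIGINS


def token_matches(session: Session, form: dict) -> bool:
    """Constant-time comparison of the submitted token with the session's."""
    submitted = form.get("csrf_token", "")
    return hmac.compare_digest(submitted, session.csrf_token)


def handle_create_user(request: Request, session: Session, audit: list):
    """Create an admin user only when the request passes every CSRF check.

    Returns (status_code, message). Rejections are appended to `audit` so a
    reviewer can spot forged attempts when going through the logs.
    """
    if request.method != "POST":
        return 405, "method not allowed"
    if not session.is_admin:
        return 403, "forbidden"
    if not origin_is_trusted(request.headers):
        audit.append(f"csrf-reject origin={request.headers.get('Origin')!r} user={session.user}")
        return 403, "untrusted origin"
    if not token_matches(session, request.form):
        audit.append(f"csrf-reject bad-token user={session.user}")
        return 403, "invalid csrf token"
    new_user = request.form.get("username", "")
    if not new_user:
        return 400, "username required"
    return 201, f"created admin user {new_user}"


def demo() -> dict:
    """Run one legitimate request and two forged ones; return the outcomes."""
    admin = Session(user="alice", is_admin=True)
    audit: list = []
    # Constructed sample requests: a genuine form submission from the console,
    # a cross-site submission without a token, and a same-origin Referer with
    # a guessed token.
    legit = Request("POST", "/admin/users/create",
                    {"Origin": "https://netadmin.example.internal"},
                    {"username": "bob", "csrf_token": issue_token(admin)})
    cross_site = Request("POST", "/admin/users/create",
                         {"Origin": "https://third-party.example"},
                         {"username": "mallory"})
    bad_token = Request("POST", "/admin/users/create",
                        {"Referer": "https://netadmin.example.internal/admin"},
                        {"username": "mallory", "csrf_token": "guess"})
    return {
        "legit": handle_create_user(legit, admin, audit),
        "cross_site": handle_create_user(cross_site, admin, audit),
        "bad_token": handle_create_user(bad_token, admin, audit),
        "audit_entries": len(audit),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The two checks are deliberately independent: the origin check stops a forged request even if the token were ever leaked, and the token check stops it even when a proxy strips the Origin header. Marking the session cookie SameSite=Lax or Strict adds a third, browser-enforced layer, and the audit entries give a reviewer a concrete signal to look for when auditing accounts, as the mitigation above recommends.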
Update to a fixed version of KYOCERA Net Admin. See the Kyocera page for more information on available updates and mitigation instructions.
CVE-2019-25254 is a cross-site request forgery vulnerability in KYOCERA Net Admin 3.4.0906 that allows attackers to create admin users without validation, potentially gaining control of the device.
If you are running KYOCERA Net Admin version 3.4.0906, you are potentially affected by this vulnerability. Upgrade as soon as possible.
The primary fix is to upgrade to a patched version of KYOCERA Net Admin. If upgrading is not immediately possible, implement WAF rules and strong access controls.
There is currently no evidence of active exploitation, but the vulnerability's nature makes it easily exploitable.
Please refer to the KYOCERA security advisories page for the latest information and updates regarding CVE-2019-25254.