CVE-2019-25251

Summary

Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xml_url'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP requests to arbitrary destinations.

Affected Software

VendorProductVersion RangeStatus
Teradek, LLCVidiU Pro3.0.3r32136affected
Teradek, LLCVidiU Pro3.0.2r31225affected
Teradek, LLCVidiU Pro2.4.10affected

Weaknesses

  • CWE-918: Server-Side Request Forgery (SSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References