CVE-2019-25259

Summary

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized actions by crafting malicious web pages that submit requests to the application.

Affected Software

VendorProductVersion RangeStatus
Leica Geosystems AGLeica Geosystems GR10/GR25/GR30/GR50 GNSS4.30.063affected
Leica Geosystems AGLeica Geosystems GR10/GR25/GR30/GR50 GNSS4.20.232affected
Leica Geosystems AGLeica Geosystems GR10/GR25/GR30/GR50 GNSS4.11.606affected
Leica Geosystems AGLeica Geosystems GR10/GR25/GR30/GR50 GNSS3.22.1818affected
Leica Geosystems AGLeica Geosystems GR10/GR25/GR30/GR50 GNSS3.10.1633affected
Leica Geosystems AGLeica Geosystems GR10/GR25/GR30/GR50 GNSS2.62.782affected
Leica Geosystems AGLeica Geosystems GR10/GR25/GR30/GR50 GNSS1.00.395affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References