CVE-2025-7202

Summary

A Cross-Site Request Forgery (CSRF) in Elgato's Key Lights and related light products allows an attacker to host a malicious webpage that remotely controlles the victim's lights.

Affected Software

VendorProductVersion RangeStatus
ElgatoKey Light0 <= 1.0.3(218)affected
ElgatoKey Light Air0 <= 1.0.3.220affected
ElgatoKey Light Mini0 <= 1.0.4.239affected
ElgatoKey Light Neo0 <= 1.0.4.206affected
ElgatoRing Light0 <= 1.0.4.149affected
ElgatoLight Strip0 <= 1.0.4.231affected
ElgatoLight Strip Pro0 <= 1.0.1.145affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References