CVE-2019-25254

KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin accounts with predefined credentials when a ...

high 8.8 CVSS 3.1

Published: Dec 24, 2025

Modified: Jan 16, 2026

Vendor: Kyocera

Versions: 3.4.0906

Description

KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin accounts with predefined credentials when a logged-in user visits the page.

References

https://global.kyocera.com
https://www.exploit-db.com/exploits/44431
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5458.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5458.php

Related CVEs

CVSS Breakdown

Version	3.1
Score	8.8 / 10
Severity	high

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weakness (CWE)

CWE-352

Affected Product

Vendor	Kyocera
Product	Net Admin
Versions	3.4.0906