CVE-2025-63952
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-24

Last updated on: 2025-12-30

Assigner: MITRE

Description
A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-24
Last Modified
2025-12-30
Generated
2026-06-16
AI Q&A
2025-11-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-63952
EUVD
EUVD-2025-198970
Affected Vendors & Products
Showing 26 associated CPEs
Vendor Product Version / Range
magewell pro_convert_hdmi_4k_plus_firmware 1.2.213
magewell pro_convert_hdmi_4k_plus *
magewell pro_convert_hdmi_plus_firmware 1.2.213
magewell pro_convert_hdmi_plus *
magewell pro_convert_hdmi_tx_firmware 1.2.213
magewell pro_convert_hdmi_tx *
magewell pro_convert_12g_sdi_4k_plus_firmware 1.2.213
magewell pro_convert_12g_sdi_4k_plus *
magewell pro_convert_sdi_4k_plus_firmware 1.2.213
magewell pro_convert_sdi_4k_plus *
magewell pro_convert_sdi_plus_firmware 1.2.213
magewell pro_convert_sdi_plus *
magewell pro_convert_sdi_tx_firmware 1.2.213
magewell pro_convert_sdi_tx *
magewell pro_convert_for_ndi_to_hdmi_firmware 1.2.213
magewell pro_convert_for_ndi_to_hdmi *
magewell pro_convert_for_ndi_to_hdmi_4k_firmware 1.2.213
magewell pro_convert_for_ndi_to_hdmi_4k *
magewell pro_convert_for_ndi_to_aio_firmware 1.2.213
magewell pro_convert_for_ndi_to_aio *
magewell pro_convert_for_ndi_to_sdi_firmware 1.2.213
magewell pro_convert_for_ndi_to_sdi *
magewell pro_convert_aes67_firmware 1.2.213
magewell pro_convert_aes67 *
magewell pro_convert_audio_dx_firmware 1.2.213
magewell pro_convert_audio_dx *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213. It allows attackers to create user accounts arbitrarily by sending a specially crafted GET request.

Impact Analysis

An attacker exploiting this vulnerability can create unauthorized user accounts on the affected system, potentially gaining access or escalating privileges, which can lead to unauthorized actions or compromise of the system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-63952. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart