CVE-2019-25254
Unknown Unknown - Not Provided
CSRF in KYOCERA Net Admin Allows Unauthorized Admin Account Creation

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: VulnCheck

Description
KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin accounts with predefined credentials when a logged-in user visits the page.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25254
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
kyocera net_admin 3.4.0906
apache tomcat 8.5.15
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25254 is a Cross-Site Request Forgery (CSRF) vulnerability in KYOCERA Net Admin version 3.4.0906. It allows attackers to create administrative users without proper request validation by exploiting the web interface. If a logged-in user visits a malicious website, the attacker can automatically submit crafted HTTP requests that add new admin accounts with predefined credentials, bypassing security checks. [1, 2]

Impact Analysis

This vulnerability can impact you by allowing an attacker to gain unauthorized administrative access to the KYOCERA Net Admin system. By creating new admin accounts without proper validation, attackers can control device management functions, potentially leading to unauthorized configuration changes, security breaches, and loss of control over managed devices. [1, 2]

Detection Guidance

This vulnerability can be detected by monitoring for unauthorized HTTP POST requests to the addUser.faces endpoint of KYOCERA Net Admin 3.4.0906, especially those that attempt to add new administrative users with preset credentials such as username "backdoor" and password "pass123". Network intrusion detection systems (NIDS) can be configured to alert on such suspicious POST requests. Additionally, reviewing web server logs for unexpected POST requests to addUser.faces or GET requests to EventControllerServlet related to node configuration updates may help detect exploitation attempts. Since the exploit involves CSRF, checking for unusual administrative user creation events in the application logs is also recommended. Specific commands depend on your environment, but for example, on a Linux system with access to web server logs, you could use: `grep 'addUser.faces' /var/log/apache2/access.log` or `grep 'EventControllerServlet' /var/log/apache2/access.log` to identify suspicious requests. [1, 2]

Mitigation Strategies

Immediate mitigation steps include restricting access to the KYOCERA Net Admin web interface to trusted networks and users only, implementing CSRF protection mechanisms such as anti-CSRF tokens in the web application, and monitoring for unauthorized administrative user creation. If possible, update or patch the software to a version that addresses this vulnerability. As a temporary workaround, disable or restrict the addUser.faces endpoint or administrative user creation functionality until a fix is applied. Additionally, educate users to avoid visiting untrusted websites while logged into the KYOCERA Net Admin interface to reduce the risk of CSRF exploitation. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25254. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart