CVE-2019-25259
CSRF Vulnerability in Leica Geosystems GNSS Allows Admin Actions
Publication date: 2026-01-08
Last updated on: 2026-01-08
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| leica_geosystems | gr10 | 4.30.063 |
| leica_geosystems | gr25 | 4.30.063 |
| leica_geosystems | gr30 | 4.30.063 |
| leica_geosystems | gr50 | 4.30.063 |
| leica_geosystems | gr10 | up to and including 4.30.063 |
| leica_geosystems | gr25 | up to and including 4.30.063 |
| leica_geosystems | gr30 | up to and including 4.30.063 |
| leica_geosystems | gr50 | up to and including 4.30.063 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) affecting Leica Geosystems GR10/GR25/GR30/GR50 GNSS devices running firmware version 4.30.063 and earlier. It occurs because the device's application interface accepts HTTP requests to perform administrative actions without validating whether these requests are authentic. An attacker can exploit this by tricking a logged-in user into visiting a malicious website that submits crafted requests to the device, causing unauthorized administrative actions to be executed without the user's consent. [1, 2]
How can this vulnerability impact me?
This vulnerability can allow attackers to perform unauthorized administrative actions on affected Leica GNSS devices if a logged-in user is tricked into visiting a malicious website. Such actions may include creating or modifying user accounts with administrative privileges, potentially compromising device security and control. This could lead to unauthorized access, manipulation of device settings, or disruption of device operations. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests sent to the Leica Geosystems GNSS device, especially POST requests to administrative endpoints such as /config/config_UserManagementPostBackHelper.lsp. Look for unusual or unauthorized requests that attempt to create or modify user accounts or perform administrative actions without proper validation. Since the vulnerability involves Cross-Site Request Forgery (CSRF), detection can include checking for unexpected POST requests originating from external or untrusted sources. Specific commands are not provided in the resources, but network traffic capture tools like tcpdump or Wireshark can be used to monitor HTTP traffic to the device. Additionally, reviewing web server logs for suspicious POST requests to administrative URLs can help detect exploitation attempts. [1, 2]
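As an added example (not part of this record or of any vendor tooling), the following Python script applies the log review described above to a few constructed access-log lines: it flags POST requests to the administrative endpoint named in the text whose Referer is absent or names a host other than the device itself. The device host, the combined log layout and the sample lines are assumptions.

```python
import re

# Constructed values for this example: the device's own host as browsers see it,
# and the administrative endpoint named in the advisory text.
DEVICE_HOST = "192.0.2.10"
ADMIN_PATHS = {"/config/config_UserManagementPostBackHelper.lsp"}

# Assumed NCSA combined log layout with Referer and User-Agent fields.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def referer_host(referer: str) -> str:
    """Host part of a Referer URL; '' when the header was absent ('-') or unparsable."""
    m = re.match(r'^[a-z]+://([^/:]+)', referer)
    return m.group(1) if m else ""

def suspicious_admin_posts(lines):
    """Return (source_ip, path, reason) for POSTs to admin endpoints whose Referer
    is missing or names a host other than the device itself.
    A CSRF request is sent by the victim's own browser with the victim's session
    cookie, so source IP and login state look legitimate; the Referer/Origin
    mismatch is the usable signal (browsers may strip Referer, hence the
    'missing' case is reported too)."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["method"] != "POST" or m["path"] not in ADMIN_PATHS:
            continue
        host = referer_host(m["referer"])
        if host != DEVICE_HOST:
            reason = f"foreign Referer {host}" if host else "missing Referer"
            findings.append((m["src"], m["path"], reason))
    return findings

# Constructed sample log: one same-origin POST, one cross-site POST, one POST
# with Referer stripped, and two requests that are not admin POSTs at all.
SAMPLE_LOG = """\
10.0.0.5 - admin [08/Jan/2026:10:00:01 +0000] "POST /config/config_UserManagementPostBackHelper.lsp HTTP/1.1" 200 512 "http://192.0.2.10/config/config_UserManagement.lsp" "Mozilla/5.0"
10.0.0.5 - admin [08/Jan/2026:10:02:17 +0000] "POST /config/config_UserManagementPostBackHelper.lsp HTTP/1.1" 200 512 "http://evil.example/page.html" "Mozilla/5.0"
10.0.0.5 - admin [08/Jan/2026:10:03:40 +0000] "POST /config/config_UserManagementPostBackHelper.lsp HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - admin [08/Jan/2026:10:04:02 +0000] "GET /config/config_UserManagementPostBackHelper.lsp HTTP/1.1" 200 128 "-" "Mozilla/5.0"
10.0.0.7 - - [08/Jan/2026:10:05:55 +0000] "POST /login.lsp HTTP/1.1" 302 0 "-" "curl/8.0"
"""

if __name__ == "__main__":
    for src, path, reason in suspicious_admin_posts(SAMPLE_LOG.splitlines()):
        print(f"{src} POST {path}: {reason}")
```

Run it against the device's real access log instead of SAMPLE_LOG; a hit means a logged-in browser submitted an admin action from a page the device did not serve.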
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the Leica Geosystems GNSS device's web interface to trusted networks and users only, to prevent attackers from tricking logged-in users into visiting malicious websites. Disable or limit administrative actions via the web interface if possible. Educate users to avoid clicking on suspicious links or visiting untrusted websites while logged into the device. Since the vulnerability arises from lack of request validation, applying any available firmware updates or patches from Leica Geosystems that address this issue is recommended. If no patch is available, consider implementing network-level protections such as web application firewalls or access control lists to block unauthorized HTTP requests to the device. [1, 2]