CVE-2019-25259
Unknown Unknown - Not Provided
CSRF Vulnerability in Leica Geosystems GNSS Allows Admin Actions

Publication date: 2026-01-08

Last updated on: 2026-01-08

Assigner: VulnCheck

Description
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized actions by crafting malicious web pages that submit requests to the application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-08
Last Modified
2026-01-08
Generated
2026-06-16
AI Q&A
2026-01-08
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25259
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
leica_geosystems gr10 4.30.063
leica_geosystems gr25 4.30.063
leica_geosystems gr30 4.30.063
leica_geosystems gr50 4.30.063
leica_geosystems gr10 to 4.30.063 (inc)
leica_geosystems gr25 to 4.30.063 (inc)
leica_geosystems gr30 to 4.30.063 (inc)
leica_geosystems gr50 to 4.30.063 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Cross-Site Request Forgery (CSRF) affecting Leica Geosystems GR10/GR25/GR30/GR50 GNSS devices running firmware version 4.30.063 and earlier. It occurs because the device's application interface accepts HTTP requests to perform administrative actions without validating whether these requests are authentic. An attacker can exploit this by tricking a logged-in user into visiting a malicious website that submits crafted requests to the device, causing unauthorized administrative actions to be executed without the user's consent. [1, 2]

Impact Analysis

This vulnerability can allow attackers to perform unauthorized administrative actions on affected Leica GNSS devices if a logged-in user is tricked into visiting a malicious website. Such actions may include creating or modifying user accounts with administrative privileges, potentially compromising device security and control. This could lead to unauthorized access, manipulation of device settings, or disruption of device operations. [1, 2]

Detection Guidance

This vulnerability can be detected by monitoring HTTP requests sent to the Leica Geosystems GNSS device, especially POST requests to administrative endpoints such as /config/config_UserManagementPostBackHelper.lsp. Look for unusual or unauthorized requests that attempt to create or modify user accounts or perform administrative actions without proper validation. Since the vulnerability involves Cross-Site Request Forgery (CSRF), detection can include checking for unexpected POST requests originating from external or untrusted sources. Specific commands are not provided in the resources, but network traffic capture tools like tcpdump or Wireshark can be used to monitor HTTP traffic to the device. Additionally, reviewing web server logs for suspicious POST requests to administrative URLs can help detect exploitation attempts. [1, 2]

Mitigation Strategies

Immediate mitigation steps include restricting access to the Leica Geosystems GNSS device's web interface to trusted networks and users only, to prevent attackers from tricking logged-in users into visiting malicious websites. Disable or limit administrative actions via the web interface if possible. Educate users to avoid clicking on suspicious links or visiting untrusted websites while logged into the device. Since the vulnerability arises from lack of request validation, applying any available firmware updates or patches from Leica Geosystems that address this issue is recommended. If no patch is available, consider implementing network-level protections such as web application firewalls or access control lists to block unauthorized HTTP requests to the device. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25259. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart