CVE-2019-25242

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

4.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N                                    

Vulnerability Description

FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by tricking authenticated users into loading a specially crafted webpage.

Vulnerability Details

Published Date

December 24, 2025

Last Modified

December 30, 2025

CWE ID

CWE-352

Source

NVD

Vendor

iwt

Product

facesentry_access_control_system_firmware

External References

http://www.iwt.com.hk
https://www.exploit-db.com/exploits/47065
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5524.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5524.php

CVE-2019-25242

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment