Description

Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xml_url'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP requests to arbitrary destinations.

PUBLISHED Reserved 2025-12-24 | Published 2025-12-24 | Updated 2025-12-24 | Assigner VulnCheck




MEDIUM: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L)
MEDIUM: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Problem types

Server-Side Request Forgery (SSRF)

Product status

3.0.3r32136: affected

3.0.2r31225: affected

2.4.10: affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab (finder)

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5461.php exploit

www.exploit-db.com/exploits/44672 (ExploitDB-44672) exploit

www.teradek.com (Teradek Product Homepage) product

www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5461.php (Zero Science Lab Disclosure (ZSL-2018-5461)) third-party-advisory

cve.org (CVE-2019-25251)

nvd.nist.gov (CVE-2019-25251)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.