
Description

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized actions by crafting malicious web pages that submit requests to the application.

PUBLISHED Reserved 2025-12-24 | Published 2026-01-07 | Updated 2026-01-08 | Assigner VulnCheck




MEDIUM: 5.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)
MEDIUM: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Problem types

Cross-Site Request Forgery (CSRF)

Product status

4.30.063: affected

4.20.232: affected

4.11.606: affected

3.22.1818: affected

3.10.1633: affected

2.62.782: affected

1.00.395: affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab (finder)

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5502.php (Zero Science Lab Vulnerability Advisory) third-party-advisory

www.exploit-db.com/exploits/46090 (Exploit Database Entry 46090) exploit

packetstormsecurity.com/files/151040 (Packet Storm Security Exploit File) exploit

exchange.xforce.ibmcloud.com/vulnerabilities/155275 (IBM X-Force Vulnerability Exchange Entry) vdb-entry

leica-geosystems.com/en-us (Leica Geosystems Vendor Homepage) product

cve.org (CVE-2019-25259)

nvd.nist.gov (CVE-2019-25259)
