CVE-2025-7202

Description

A Cross-Site Request Forgery (CSRF) in Elgato's Key Lights and related light products allows an attacker to host a malicious webpage that remotely controlles the victim's lights.

PUBLISHED Reserved 2025-07-07 | Published 2025-08-06 | Updated 2025-08-06 | Assigner Toreon

Problem types

CWE-352 Cross-Site Request Forgery (CSRF)

Product status

References

www.toreon.com/flashing-your-lights-cve-2025-7202/

cve.org (CVE-2025-7202)

nvd.nist.gov (CVE-2025-7202)

Download JSON