CVE-2019-25251 MEDIUM

CVE-2019-25251: Teradek VidiU Pro 3.0.3 Server-Side Request Forgery via RTMP Settings

Vendor Teradek, Llc
Product VidiU Pro
Weakness CWE-918 · SSRF
Published December 24, 2025
Last update January 26, 2026
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

What the vulnerability does

01Description

Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xml_url'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP requests to arbitrary destinations.

Key dates

02Disclosure timeline

December 24, 2025 CVE published
January 26, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-12237 Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.15 - Authenticated (Subscriber+) Limited Server-Side Request Forgery CVE-2026-4528 trueleaf ApiFlow URL Validation http_proxy.service.ts validateUrlSecurity server-side request forgery CVE-2026-4284 taoofagi easegen-admin PPT File PPTUtil.java downloadFile server-side request forgery CVE-2026-28036 WordPress Ratatouille theme <= 1.2.6 - Server Side Request Forgery (SSRF) vulnerability CVE-2023-6570 Server-Side Request Forgery (SSRF) in kubeflow/kubeflow