CVE-2019-25254 MEDIUM

CVE-2019-25254: KYOCERA Net Admin 3.4.0906 Cross-Site Request Forgery via User Administration

Vendor: Kyocera Corporation
Product: KYOCERA Net Admin
Weakness: CWE-352 (CSRF)
Published: December 24, 2025
Last update: April 7, 2026

CVSS base score

5.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Active
Confidentiality: None
Integrity: Low

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability in user administration: requests that create administrative users are accepted without proper request validation. An attacker can craft a malicious web page that automatically submits a form adding a new admin account with predefined credentials when a logged-in user visits the page.

Key dates

02 Disclosure timeline

December 24, 2025: CVE published
April 7, 2026: Record updated