Vulnerability Details CVE-2025-63952
A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.2%
CVSS Severity
CVSS v3 Score 5.7
References
Products affected by CVE-2025-63952
-
cpe:2.3:h:magewell:pro_convert_12g_sdi_4k_plus:-
-
cpe:2.3:h:magewell:pro_convert_aes67:-
-
cpe:2.3:h:magewell:pro_convert_audio_dx:-
-
cpe:2.3:h:magewell:pro_convert_for_ndi_to_aio:-
-
cpe:2.3:h:magewell:pro_convert_for_ndi_to_hdmi:-
-
cpe:2.3:h:magewell:pro_convert_for_ndi_to_hdmi_4k:-
-
cpe:2.3:h:magewell:pro_convert_for_ndi_to_sdi:-
-
cpe:2.3:h:magewell:pro_convert_hdmi_4k_plus:-
-
cpe:2.3:h:magewell:pro_convert_hdmi_plus:-
-
cpe:2.3:h:magewell:pro_convert_hdmi_tx:-
-
cpe:2.3:h:magewell:pro_convert_sdi_4k_plus:-
-
cpe:2.3:h:magewell:pro_convert_sdi_plus:-
-
cpe:2.3:h:magewell:pro_convert_sdi_tx:-
-
cpe:2.3:o:magewell:pro_convert_12g_sdi_4k_plus_firmware:1.2.213
-
cpe:2.3:o:magewell:pro_convert_aes67_firmware:1.2.213
-
cpe:2.3:o:magewell:pro_convert_audio_dx_firmware:1.2.213
-
cpe:2.3:o:magewell:pro_convert_for_ndi_to_aio_firmware:1.2.213
-
cpe:2.3:o:magewell:pro_convert_for_ndi_to_hdmi_4k_firmware:1.2.213
-
cpe:2.3:o:magewell:pro_convert_for_ndi_to_hdmi_firmware:1.2.213
-
cpe:2.3:o:magewell:pro_convert_for_ndi_to_sdi_firmware:1.2.213
-
cpe:2.3:o:magewell:pro_convert_hdmi_4k_plus_firmware:1.2.213
-
cpe:2.3:o:magewell:pro_convert_hdmi_plus_firmware:1.2.213
-
cpe:2.3:o:magewell:pro_convert_hdmi_tx_firmware:1.2.213
-
cpe:2.3:o:magewell:pro_convert_sdi_4k_plus_firmware:1.2.213
-
cpe:2.3:o:magewell:pro_convert_sdi_plus_firmware:1.2.213
-
cpe:2.3:o:magewell:pro_convert_sdi_tx_firmware:1.2.213