CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Kyocera: >> Net Admin >> 3.4.0906 Security Vulnerabilities

CVE-2019-25254

KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin accounts with predefined credentials when a logged-in user visits the page.

CVSS Score

5.3

EPSS Score

0.0

Published

2025-12-24

CVE-2019-25253

KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve sensitive configuration data like database credentials through an out-of-band channel attack.

CVSS Score

7.5

EPSS Score

0.001

Published

2025-12-24

Page 1

Vulnerabilities

Vulnerable Software

Kyocera: >> Net Admin >> 3.4.0906 Security Vulnerabilities

Products

Pricing

Contact Us