CVE-2019-25251

EUVD-2025-205304
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xml_url'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP requests to arbitrary destinations.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
VulnCheckCNA
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
teradekvidiu_pro_firmware
2.4.10
teradekvidiu_pro_firmware
3.0.2:build31225
teradekvidiu_pro_firmware
3.0.3:build32136
teradekvidiu_firmware
2.4.10
teradekvidiu_firmware
3.0.2:build31225
teradekvidiu_firmware
3.0.3:build32136
teradekvidiu_mini_firmware
2.4.10
teradekvidiu_mini_firmware
3.0.2:build31225
teradekvidiu_mini_firmware
3.0.3:build32136
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.exploit-db.com/exploits/44672
https://www.teradek.com
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5461.php
https://www.exploit-db.com/exploits/44672
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5461.php