Description

The Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60.1.4, V60.1.29) is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are on the same network as the victim and have access to the target's logged-in session can access the endpoint and add new users without any authentication. This allows attackers to gain unauthorized access to the system and perform malicious activities.

INFO

Published Date :

2025-11-18T00:00:00.000Z

Last Modified :

2025-11-19T18:52:23.807Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-63226 vulnerability.

Vendors Products
Sencore
  • Decoder-ccv2
  • Decoder-ccv2 Firmware
  • En2sdi-2hd
  • En2sdi-2hd Firmware
  • Smp100
  • Smp100 Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-63226.

URL Resource
https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63226_Sencore_SMP100_Session_Hijacking cve-icon cve-icon
https://www.sencore.com/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact