Description

A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.

INFO

Published Date :

2025-11-24T00:00:00.000Z

Last Modified :

2025-11-24T19:04:38.235Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-63952 vulnerability.

Vendors Products
Magewell
  • Convert
  • Pro Convert 12g Sdi 4k Plus
  • Pro Convert 12g Sdi 4k Plus Firmware
  • Pro Convert Aes67
  • Pro Convert Aes67 Firmware
  • Pro Convert Audio Dx
  • Pro Convert Audio Dx Firmware
  • Pro Convert For Ndi To Aio
  • Pro Convert For Ndi To Aio Firmware
  • Pro Convert For Ndi To Hdmi
  • Pro Convert For Ndi To Hdmi 4k
  • Pro Convert For Ndi To Hdmi 4k Firmware
  • Pro Convert For Ndi To Hdmi Firmware
  • Pro Convert For Ndi To Sdi
  • Pro Convert For Ndi To Sdi Firmware
  • Pro Convert Hdmi 4k Plus
  • Pro Convert Hdmi 4k Plus Firmware
  • Pro Convert Hdmi Plus
  • Pro Convert Hdmi Plus Firmware
  • Pro Convert Hdmi Tx
  • Pro Convert Hdmi Tx Firmware
  • Pro Convert Sdi 4k Plus
  • Pro Convert Sdi 4k Plus Firmware
  • Pro Convert Sdi Plus
  • Pro Convert Sdi Plus Firmware
  • Pro Convert Sdi Tx
  • Pro Convert Sdi Tx Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-63952.

URL Resource
https://github.com/iyadalkhatib98/My_CVES/tree/main/CVE-2025-63952 cve-icon cve-icon
https://www.magewell.com cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact