Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Apr 7, 2026
KYOCERA Net Admin 3.4.0906 Cross-Site Request Forgery via User Administration
CVE-2019-25254
Description
KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin accounts with predefined credentials when a logged-in user visits the page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- KYOCERA Corporation/KYOCERA Net Adminv5Range: 3.4.0906
Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/44431mitreexploit
- www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5458.phpmitrethird-party-advisory
- global.kyocera.commitreproduct
News mentions
0No linked articles in our index yet.