CVE-2019-25259

MEDIUM WAF: Low

CVSS 5.3 Published: 2026-01-08

CWE-352

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized actions by crafting malicious web pages that submit requests to the application.

WAF Coverage Analysis

Cross-Site Request Forgery (CSRF) Low WAF Coverage

OWASP: A01:2021 Broken Access Control

References

exchange.xforce.ibmcloud.com
leica-geosystems.com
packetstormsecurity.com
www.exploit-db.com
www.zeroscience.mk

Back to CVE Database