MEDIUM · 5.7

CVE-2025-63226

Vulnerability Description

The Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60.1.4, V60.1.29) is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are on the same network as the victim and have access to the target's logged-in session can access the endpoint and add new users without any authentication. This allows attackers to gain unauthorized access to the system and perform malicious activities.

CVSS Score

5.7 (MEDIUM)

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: NONE

Affected Products

Vendor  | Product               | Versions
Sencore | Decoder-Ccv2 Firmware | 60.1.4
Sencore | Decoder-Ccv2          | -
Sencore | Smp100 Firmware       | 4.2.160
Sencore | Smp100                | -
Sencore | En2Sdi-2Hd Firmware   | 60.1.29
Sencore | En2Sdi-2Hd            | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2025-63226?

CVE-2025-63226 is a vulnerability with a CVSS score of 5.7 (MEDIUM). The Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60.1.4, V60.1.29) is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attack...

How severe is CVE-2025-63226?

CVE-2025-63226 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2025-63226?

Check the references section above for vendor advisories and patch information. Affected products include: Sencore Decoder-Ccv2 Firmware, Sencore Decoder-Ccv2, Sencore Smp100 Firmware, Sencore Smp100, Sencore En2Sdi-2Hd Firmware.