MEDIUM · 5.7

CVE-2025-63952

Vulnerability Description

A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.

CVSS Score

5.7 MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality: NONE
Integrity: HIGH
Availability: NONE

Affected Products

Vendor | Product | Versions
Magewell | Pro Convert Hdmi 4K Plus Firmware | 1.2.213
Magewell | Pro Convert Hdmi 4K Plus | -
Magewell | Pro Convert Hdmi Plus Firmware | 1.2.213
Magewell | Pro Convert Hdmi Plus | -
Magewell | Pro Convert Hdmi Tx Firmware | 1.2.213
Magewell | Pro Convert Hdmi Tx | -
Magewell | Pro Convert 12G Sdi 4K Plus Firmware | 1.2.213
Magewell | Pro Convert 12G Sdi 4K Plus | -
Magewell | Pro Convert Sdi 4K Plus Firmware | 1.2.213
Magewell | Pro Convert Sdi 4K Plus | -
Magewell | Pro Convert Sdi Plus Firmware | 1.2.213
Magewell | Pro Convert Sdi Plus | -
Magewell | Pro Convert Sdi Tx Firmware | 1.2.213
Magewell | Pro Convert Sdi Tx | -
Magewell | Pro Convert For Ndi To Hdmi Firmware | 1.2.213
Magewell | Pro Convert For Ndi To Hdmi | -
Magewell | Pro Convert For Ndi To Hdmi 4K Firmware | 1.2.213
Magewell | Pro Convert For Ndi To Hdmi 4K | -
Magewell | Pro Convert For Ndi To Aio Firmware | 1.2.213
Magewell | Pro Convert For Ndi To Aio | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2025-63952?

CVE-2025-63952 is a vulnerability with a CVSS score of 5.7 (MEDIUM). A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.

How severe is CVE-2025-63952?

CVE-2025-63952 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2025-63952?

Check the references section above for vendor advisories and patch information. Affected products include: Magewell Pro Convert Hdmi 4K Plus Firmware, Magewell Pro Convert Hdmi 4K Plus, Magewell Pro Convert Hdmi Plus Firmware, Magewell Pro Convert Hdmi Plus, Magewell Pro Convert Hdmi Tx Firmware.