CVE-2025-63953 — MEDIUM (6.5)

Vulnerability Description

A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Magewell	Ultra Encode Hdmi Firmware	2.3.206
Magewell	Ultra Encode Hdmi	-
Magewell	Ultra Encode Sdi Firmware	2.3.206
Magewell	Ultra Encode Sdi	-
Magewell	Ultra Encode Hdmi Plus Firmware	2.3.206
Magewell	Ultra Encode Hdmi Plus	-
Magewell	Ultra Encode Sdi Plus Firmware	2.3.206
Magewell	Ultra Encode Sdi Plus	-
Magewell	Ultra Encode Aio Firmware	2.3.206
Magewell	Ultra Encode Aio	-

Related Weaknesses (CWE)

CWE-352

References

https://github.com/iyadalkhatib98/My_CVES/tree/main/CVE-2025-63953ExploitThird Party AdvisoryMitigation
https://www.magewell.comProduct

FAQ

What is CVE-2025-63953?

CVE-2025-63953 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.

How severe is CVE-2025-63953?

CVE-2025-63953 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-63953?

Check the references section above for vendor advisories and patch information. Affected products include: Magewell Ultra Encode Hdmi Firmware, Magewell Ultra Encode Hdmi, Magewell Ultra Encode Sdi Firmware, Magewell Ultra Encode Sdi, Magewell Ultra Encode Hdmi Plus Firmware.