CVE-2025-63226 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60.1.4, V60.1.29) is vulnerable to session hijacking due to improper session management on t…
Medium CVSS: 5.7

CVE-2025-63226

The Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60.1.4, V60.1.29) is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are on the same network as the victim and have access to the target's logged-in session can access the endpoint and add new users without any authentication. This allows attackers to gain unauthorized access to the system and perform malicious activities.
Vendor
Sencore
Product
Decoder-ccv2 Firmware
CWE
CWE-613
Yayın Tarihi
2025-11-18 20:15:47
Güncelleme
2026-02-13 16:13:55
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-613 Decoder-ccv2 Firmware MEDIUM Sencore 2025

Referanslar

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63226_Sencore_SMP100_Session_Hijacking https://www.sencore.com/