CVE-2025-63953 - Vulnerability Details

Description

A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.

Published: 2025-11-24

Score: 6.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:magewell:ultra_encode_hdmi_firmware:2.3.206:*:*:*:*:*:*:*

cpe:2.3:h:magewell:ultra_encode_hdmi:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:magewell:ultra_encode_sdi_firmware:2.3.206:*:*:*:*:*:*:*

cpe:2.3:h:magewell:ultra_encode_sdi:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:magewell:ultra_encode_hdmi_plus_firmware:2.3.206:*:*:*:*:*:*:*

cpe:2.3:h:magewell:ultra_encode_hdmi_plus:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:magewell:ultra_encode_sdi_plus_firmware:2.3.206:*:*:*:*:*:*:*

cpe:2.3:h:magewell:ultra_encode_sdi_plus:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:magewell:ultra_encode_aio_firmware:2.3.206:*:*:*:*:*:*:*

cpe:2.3:h:magewell:ultra_encode_aio:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Magewell	Convert	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00035.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/iyadalkhatib98/My_CVES/tree/main/CVE-2025-63953
https://www.magewell.com

History

Tue, 30 Dec 2025 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Magewell ultra Encode Aio Magewell ultra Encode Aio Firmware Magewell ultra Encode Hdmi Magewell ultra Encode Hdmi Firmware Magewell ultra Encode Hdmi Plus Magewell ultra Encode Hdmi Plus Firmware Magewell ultra Encode Sdi Magewell ultra Encode Sdi Firmware Magewell ultra Encode Sdi Plus Magewell ultra Encode Sdi Plus Firmware
CPEs		cpe:2.3:h:magewell:ultra_encode_aio:-:::::::* cpe:2.3:h:magewell:ultra_encode_hdmi:-:::::::* cpe:2.3:h:magewell:ultra_encode_hdmi_plus:-:::::::* cpe:2.3:h:magewell:ultra_encode_sdi:-:::::::* cpe:2.3:h:magewell:ultra_encode_sdi_plus:-:::::::* cpe:2.3:o:magewell:ultra_encode_aio_firmware:2.3.206:::::::* cpe:2.3:o:magewell:ultra_encode_hdmi_firmware:2.3.206:::::::* cpe:2.3:o:magewell:ultra_encode_hdmi_plus_firmware:2.3.206:::::::* cpe:2.3:o:magewell:ultra_encode_sdi_firmware:2.3.206:::::::* cpe:2.3:o:magewell:ultra_encode_sdi_plus_firmware:2.3.206:::::::*
Vendors & Products		Magewell ultra Encode Aio Magewell ultra Encode Aio Firmware Magewell ultra Encode Hdmi Magewell ultra Encode Hdmi Firmware Magewell ultra Encode Hdmi Plus Magewell ultra Encode Hdmi Plus Firmware Magewell ultra Encode Sdi Magewell ultra Encode Sdi Firmware Magewell ultra Encode Sdi Plus Magewell ultra Encode Sdi Plus Firmware

Wed, 26 Nov 2025 11:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Magewell Magewell convert
Vendors & Products		Magewell Magewell convert

Mon, 24 Nov 2025 19:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-352
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 24 Nov 2025 16:45:00 +0000

Type	Values Removed	Values Added
Description		A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.
References		https://github.com/iyadalkhatib98/My_CVES/tree/main/CVE-2025-63953 https://www.magewell.com

Subscriptions

Magewell Convert Ultra Encode Aio Ultra Encode Aio Firmware Ultra Encode Hdmi Ultra Encode Hdmi Firmware Ultra Encode Hdmi Plus Ultra Encode Hdmi Plus Firmware Ultra Encode Sdi Ultra Encode Sdi Firmware Ultra Encode Sdi Plus Ultra Encode Sdi Plus Firmware

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-11-24T00:00:00.000Z

Updated: 2025-11-24T19:03:16.840Z

Reserved: 2025-10-27T00:00:00.000Z

Link: CVE-2025-63953

Vulnrichment

Updated: 2025-11-24T19:02:36.328Z

NVD

Status : Analyzed

Published: 2025-11-24T17:16:08.760

Modified: 2025-12-30T17:58:54.510

Link: CVE-2025-63953

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-11-26T11:10:44Z

Weaknesses

CWE-352

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object