CVE-2025-63953

A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/iyadalkhatib98/My_CVES/tree/main/CVE-2025-63953	Exploit Third Party Advisory Mitigation
https://www.magewell.com	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:magewell:ultra_encode_hdmi_firmware:2.3.206:*:*:*:*:*:*:*

cpe:2.3:h:magewell:ultra_encode_hdmi:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:magewell:ultra_encode_sdi_firmware:2.3.206:*:*:*:*:*:*:*

cpe:2.3:h:magewell:ultra_encode_sdi:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:magewell:ultra_encode_hdmi_plus_firmware:2.3.206:*:*:*:*:*:*:*

cpe:2.3:h:magewell:ultra_encode_hdmi_plus:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:magewell:ultra_encode_sdi_plus_firmware:2.3.206:*:*:*:*:*:*:*

cpe:2.3:h:magewell:ultra_encode_sdi_plus:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:magewell:ultra_encode_aio_firmware:2.3.206:*:*:*:*:*:*:*

cpe:2.3:h:magewell:ultra_encode_aio:-:*:*:*:*:*:*:*

History

30 Dec 2025, 17:58

Type	Values Removed	Values Added
CPE		cpe:2.3:h:magewell:ultra_encode_sdi_plus:-:::::::* cpe:2.3:h:magewell:ultra_encode_hdmi:-:::::::* cpe:2.3:h:magewell:ultra_encode_aio:-:::::::* cpe:2.3:o:magewell:ultra_encode_sdi_plus_firmware:2.3.206:::::::* cpe:2.3:o:magewell:ultra_encode_sdi_firmware:2.3.206:::::::* cpe:2.3:o:magewell:ultra_encode_hdmi_plus_firmware:2.3.206:::::::* cpe:2.3:o:magewell:ultra_encode_aio_firmware:2.3.206:::::::* cpe:2.3:h:magewell:ultra_encode_sdi:-:::::::* cpe:2.3:h:magewell:ultra_encode_hdmi_plus:-:::::::* cpe:2.3:o:magewell:ultra_encode_hdmi_firmware:2.3.206:::::::*
First Time		Magewell ultra Encode Sdi Firmware Magewell ultra Encode Hdmi Plus Firmware Magewell ultra Encode Sdi Plus Firmware Magewell ultra Encode Aio Firmware Magewell ultra Encode Aio Magewell ultra Encode Sdi Magewell ultra Encode Sdi Plus Magewell Magewell ultra Encode Hdmi Plus Magewell ultra Encode Hdmi Magewell ultra Encode Hdmi Firmware
References	~~() https://github.com/iyadalkhatib98/My_CVES/tree/main/CVE-2025-63953 -~~	() https://github.com/iyadalkhatib98/My_CVES/tree/main/CVE-2025-63953 - Exploit, Third Party Advisory, Mitigation
References	~~() https://www.magewell.com -~~	() https://www.magewell.com - Product

24 Nov 2025, 19:15

Type	Values Removed	Values Added
CWE		CWE-352
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5

24 Nov 2025, 17:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-11-24 17:16

Updated : 2025-12-30 17:58

NVD link : CVE-2025-63953

Mitre link : CVE-2025-63953

CVE.ORG link : CVE-2025-63953

JSON object : View

Products Affected

magewell

ultra_encode_hdmi
ultra_encode_sdi_firmware
ultra_encode_aio_firmware
ultra_encode_sdi
ultra_encode_hdmi_plus
ultra_encode_aio
ultra_encode_hdmi_firmware
ultra_encode_sdi_plus_firmware
ultra_encode_sdi_plus
ultra_encode_hdmi_plus_firmware

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

6.5 /10