CVE-2019-25244

🗓️ 24 Dec 2025 19:27:59Reported by VulnCheckType

cve🔗 web.nvd.nist.gov👁 10 Views🌐 WEB

CVE-2019-25244 in Legrand BTicino Driver Manager F454 1.0.51 enables CSRF to change passwords and stored XSS via unvalidated GETs.

Reporter	Title	Published	Views	Family All 8
CNNVD	BTicino Legrand BTicino Driver Manager 安全漏洞	24 Dec 202500:00	–	cnnvd
Cvelist	CVE-2019-25244 Legrand BTicino Driver Manager F454 1.0.51 CSRF and Stored XSS Vulnerabilities	24 Dec 202519:27	–	cvelist
EUVD	EUVD-2025-205321	24 Dec 202521:30	–	euvd
NVD	CVE-2019-25244	24 Dec 202520:15	–	nvd
Positive Technologies	PT-2025-53330	24 Dec 202500:00	–	ptsecurity
Vulnrichment	CVE-2019-25244 Legrand BTicino Driver Manager F454 1.0.51 CSRF and Stored XSS Vulnerabilities	24 Dec 202519:27	–	vulnrichment
Zero Science Lab	Legrand BTicino Driver Manager F454 1.0.51 CSRF Change Password Exploit	15 May 201900:00	–	zeroscience
Zero Science Lab	Legrand BTicino Driver Manager F454 1.0.51 Authenticated Stored XSS Exploit	15 May 201900:00	–	zeroscience

Vulners

Node

bticino_s.p.a.legrand_bticino_driver_manager_f454Match1.0.51

bticino_s.p.a.legrand_bticino_driver_manager_f454Match1.1.14

[
  {
    "vendor": "BTicino S.p.A.",
    "product": "Legrand BTicino Driver Manager F454",
    "versions": [
      {
        "version": "1.0.51",
        "status": "affected"
      },
      {
        "version": "1.1.14",
        "status": "affected"
      }
    ]
  }
]

Source	Link
bticino	www.bticino.com/
zeroscience	www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5522.php
exploit-db	www.exploit-db.com/exploits/46850
zeroscience	www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5521.php

Parameter	Position	Path	Description	CWE
server	query param	system/time.ntp.php	Authenticated stored XSS via GET parameter 'server' that is not sanitized before reflecting in the response.	CWE-79

17 Jun 2026 02:31Current

6.2Medium risk

Vulners AI Score6.2

CVSS 45.1

CVSS 3.15.3

EPSS0.00216

SSVC

CWE-79