Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2019-25251

🗓️ 24 Dec 2025 19:28:03Reported by VulnCheckType 
cve
 cve🔗 web.nvd.nist.gov👁 10 Views🌐 WEB

Teradek VidiU Pro 3.0.3 SSRF via management interface enables manipulation of url and xml_url.

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
Circl		CVE-2019-25251
5 Jan 202616:34
circl
CNNVD		Teradek VidiU Pro 安全漏洞
24 Dec 202500:00
cnnvd
Cvelist		CVE-2019-25251 Teradek VidiU Pro 3.0.3 Server-Side Request Forgery via RTMP Settings
24 Dec 202519:28
cvelist
EUVD		EUVD-2025-205304
24 Dec 202521:30
euvd
NVD		CVE-2019-25251
24 Dec 202520:15
nvd
Positive Technologies		PT-2025-53337
24 Dec 202500:00
ptsecurity
Vulnrichment		CVE-2019-25251 Teradek VidiU Pro 3.0.3 Server-Side Request Forgery via RTMP Settings
24 Dec 202519:28
vulnrichment
Zero Science Lab		Teradek VidiU Pro 3.0.3 SSRF Vulnerability
21 May 201800:00
zeroscience
NVD
Vulners
Node
teradekvidiu_pro_firmwareMatch2.4.10
OR
teradekvidiu_pro_firmwareMatch3.0.2build31225
OR
teradekvidiu_pro_firmwareMatch3.0.3build32136
AND
teradekvidiu_proMatch-
Node
teradekvidiu_firmwareMatch2.4.10
OR
teradekvidiu_firmwareMatch3.0.2build31225
OR
teradekvidiu_firmwareMatch3.0.3build32136
AND
teradekvidiuMatch-
Node
teradekvidiu_mini_firmwareMatch2.4.10
OR
teradekvidiu_mini_firmwareMatch3.0.2build31225
OR
teradekvidiu_mini_firmwareMatch3.0.3build32136
AND
teradekvidiu_miniMatch-
[
  {
    "vendor": "Teradek, LLC",
    "product": "VidiU Pro",
    "versions": [
      {
        "version": "3.0.3r32136",
        "status": "affected"
      },
      {
        "version": "3.0.2r31225",
        "status": "affected"
      },
      {
        "version": "2.4.10",
        "status": "affected"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
commandquery paramcgi-bin/wowza.cgiSSRF via GET parameter 'url' in the Wowza CGI interface to load external resourcesCWE-918
urlquery paramcgi-bin/wowza.cgiSSRF via GET parameter 'url' in the Wowza CGI interface to load external resourcesCWE-918
commandquery paramcgi-bin/system.cgiSSRF via GET parameter 'xml_url' (and related parameters) in the system CGI to fetch XML data from an arbitrary URLCWE-918
actionquery paramcgi-bin/system.cgiSSRF via GET parameter 'xml_url' (and related parameters) in the system CGI to fetch XML data from an arbitrary URLCWE-918
xml_urlquery paramcgi-bin/system.cgiSSRF via GET parameter 'xml_url' (and related parameters) in the system CGI to fetch XML data from an arbitrary URLCWE-918

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
26 Jan 2026 16:15Current
6.7Medium risk
Vulners AI Score6.7
CVSS 3.16.5
CVSS 46.9
EPSS0.00017
SSVC
CWE-918
teradek vidiu proserver side forgerymanagement interfaceurl manipulationxml urlexternal requestsfirewall bypasscve 2019 25251
10