CVE-2019-25244

low-risk

Published 2025-12-24

Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulnerabilities that allow attackers to perform administrative actions without proper request validation. Attackers can exploit cross-site request forgery to change passwords and inject stored cross-site scripting payloads through unvalidated GET parameters.

Do I need to act?

-

0.06% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

5

CVSS 5.3/10 Medium

NETWORK / LOW complexity

References (7)

https://www.bticino.com

https://www.exploit-db.com/exploits/46850

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5521.php

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5522.php

https://www.exploit-db.com/exploits/46850

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5521.php

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5522.php

26

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal