CVE-2019-25259

low-risk

Published 2026-01-08

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized actions by crafting malicious web pages that submit requests to the application.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

References (5)

https://exchange.xforce.ibmcloud.com/vulnerabilities/155275

https://leica-geosystems.com/en-us

https://packetstormsecurity.com/files/151040

https://www.exploit-db.com/exploits/46090

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5502.php

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal