CVE-2025-63226

5.7 MEDIUM

📋 TL;DR

This vulnerability allows attackers on the same network as a logged-in user to hijack their session and add unauthorized administrative accounts to the Sencore SMP100 Media Platform. Attackers can then gain full system access and perform malicious activities. Only users of Sencore SMP100 with vulnerable firmware versions are affected.

💻 Affected Systems

Products:
  • Sencore SMP100 SMP Media Platform
Versions: V4.2.160, V60.1.4, V60.1.29
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to be on same network as victim with active session

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain full administrative control over the media platform, allowing them to disrupt operations, steal sensitive media content, or use the device as a pivot point into the network.

🟠 Likely Case

Attackers create backdoor administrative accounts to maintain persistent access, potentially leading to data theft or service disruption.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the isolated media platform segment.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires network access and victim's active session

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.sencore.com/

Restart Required: No

Instructions:

Check vendor website for security updates and patch notes

🔧 Temporary Workarounds

Network Segmentation

Isolate SMP100 devices on dedicated VLAN with strict access controls

Session Timeout Reduction

Configure shorter session timeout periods if supported

🧯 If You Can't Patch

  • Segment SMP100 devices on isolated network segments with firewall rules restricting access to authorized IPs only
  • Implement strict access controls and monitor for unauthorized user creation attempts

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface and compare against vulnerable versions

Check Version:

Access web interface and navigate to system information page

Verify Fix Applied:

Verify firmware version is updated beyond vulnerable versions and test session hijacking attempts

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized user creation events
  • Multiple failed login attempts followed by successful user creation

Network Indicators:

  • Unusual HTTP POST requests to /UserManagement.html from unexpected IPs

SIEM Query:

source="smp100" AND (event="user_created" OR url="/UserManagement.html")
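
The network indicator above can also be checked offline against web access logs. The following is an added example, not part of the original advisory or any vendor tooling: it assumes Common Log Format lines from a reverse proxy or gateway in front of the device (not the SMP100's native log format), and the sample lines, IP ranges and function name are constructed for illustration.

```python
import ipaddress
import re

# Assumed input: Common Log Format lines from a proxy in front of the device.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})\b'
)
WATCHED_PATH = "/usermanagement.html"  # path named in the advisory, lowercased

def find_suspect_posts(lines, admin_networks):
    """Return (timestamp, client_ip, status) for every POST to the
    user-management page that comes from outside admin_networks."""
    allowed = [ipaddress.ip_network(n) for n in admin_networks]
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or unrelated line
        # Normalise: drop any query string, compare case-insensitively.
        path = m["path"].split("?", 1)[0].lower()
        if m["method"] != "POST" or path != WATCHED_PATH:
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # proxy logged a hostname instead of an address
        if not any(src in net for net in allowed):
            hits.append((m["ts"], str(src), int(m["status"])))
    return hits

# Constructed sample data: one admin workstation, one unexpected host.
ADMIN_NETS = ["10.20.0.0/24"]
SAMPLE_LOG = [
    '10.20.0.15 - - [12/Nov/2025:09:14:02 +0000] "POST /UserManagement.html HTTP/1.1" 200 512',
    '10.20.7.99 - - [12/Nov/2025:09:14:40 +0000] "POST /usermanagement.html HTTP/1.1" 200 498',
    '10.20.7.99 - - [12/Nov/2025:09:15:01 +0000] "GET /UserManagement.html HTTP/1.1" 200 4096',
    'not a log line',
]

if __name__ == "__main__":
    for ts, ip, status in find_suspect_posts(SAMPLE_LOG, ADMIN_NETS):
        print(f"{ts} POST {WATCHED_PATH} from unexpected source {ip} (HTTP {status})")
```

Each hit should be correlated with the device's user list, since a successful POST from outside the admin range is the point at which an unauthorized account would appear.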
