CVE-CVE-2019-25242 | MEDIUM Severity | CVEDatabase.com

Description

FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by tricking authenticated users into loading a specially crafted webpage.

CVSS Metrics

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: network
Complexity: low
Privileges: none
User Action: active
Confidentiality: undefined
Integrity: undefined
Availability: undefined
Weaknesses: CWE-352

Metadata

Primary Vendor: IWT
Published: 12/24/2025
Last Modified: 12/30/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

iwt : facesentry_access_control_system_firmwareiwt : facesentry_access_control_system_firmwareiwt : facesentry_access_control_system_firmware

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD