{"id":"CVE-2025-63226","details":"The Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60.1.4, V60.1.29) is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are on the same network as the victim and have access to the target's logged-in session can access the endpoint and add new users without any authentication. This allows attackers to gain unauthorized access to the system and perform malicious activities.","modified":"2026-03-13T03:40:43.723265Z","published":"2025-11-18T20:15:47.583Z","references":[{"type":"WEB","url":"https://www.sencore.com/"},{"type":"ADVISORY","url":"https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63226_Sencore_SMP100_Session_Hijacking"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-63226.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"60.1.4"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.160"}]},{"events":[{"introduced":"0"},{"last_affected":"60.1.29"}]}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}