CVE-2025-56009:

CSRF vulnerability in KeeneticOS allows device takeover via unauthorized user addition.

Score
A numerical rating that indicates how dangerous this vulnerability is.

5.3Medium

Published Date:Oct 23, 2025
CISA KEV Date:*No Data*
Industries Affected:20

Threat Predictions

EPSS Score:0.0
EPSS Percentile:7%

Exploitability

Score:3.9
Attack Vector:NETWORK
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:NONE
Scope:UNCHANGED

Impact

Score:1.4
Confidentiality Impact:LOW
Integrity Impact:NONE
Availability Impact:NONE

Description Preview

CSRF vulnerability in KeeneticOS allows device takeover via unauthorized user addition.

Overview

The vulnerability (CVE-2025-56009) in KeeneticOS affects versions before 4.3 and is classified as medium severity with a CVSS v3.1 base score of 5.3. It exploits a cross-site request forgery weakness (CWE-352) at the "/rci" API endpoint. Attackers can leverage this vulnerability to add unauthorized users with full permissions, effectively taking over the device. The attack vector is network-based, requires low attack complexity, and does not need privileges or user interaction. While the confidentiality impact is low, there is no direct impact on integrity or availability. The vulnerability was published on October 23, 2025, and affects the security of Keenetic devices.

Remediation

To mitigate this vulnerability, users should take the following actions:
1. Update KeeneticOS to version 4.3 or later as soon as it becomes available.
2. Implement strong CSRF protection measures on the "/rci" API endpoint.
3. Regularly monitor and audit user accounts and permissions on Keenetic devices.
4. Educate users about the risks of opening untrusted links or pages, especially when logged into the device's admin interface.
5. Consider implementing additional security measures such as two-factor authentication for administrative actions.