Web Vulnerabilities in Legrand BTicino Driver Manager F454
CVE-2019-25244

5.1MEDIUM

Key Information:

Vendor

Bticino S.p.a.

Status
Legrand Bticino Driver Manager F454
Vendor
CVE Published:
24 December 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2019-25244?

Legrand's BTicino Driver Manager F454 version 1.0.51 is exposed to several web vulnerabilities that enable attackers to perform unauthorized administrative actions due to inadequate request validation. These vulnerabilities include risks of cross-site request forgery, which can permit attackers to alter passwords, as well as the potential for stored cross-site scripting attacks via unvalidated GET parameters. This poses a significant risk to the platform and its users, as malicious payloads can be injected, compromising the integrity and confidentiality of information.

Affected Version(s)

Legrand BTicino Driver Manager F454 1.0.51

Legrand BTicino Driver Manager F454 1.1.14

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-25244 - Proof of Concept

References

https://www.exploit-db.com/exploits/46850
exploit
https://www.bticino.com
product
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-55...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

LiquidWorm as Gjoko Krstic of Zero Science Lab
JSON
.
CVE-2019-25244 : Web Vulnerabilities in Legrand BTicino Driver Manager F454