CVE-2025-63226: n/a
The Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60.1.4, V60.1.29) is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are on the same network as the victim and have access to the target's logged-in session can access the endpoint and add new users without any authentication. This allows attackers to gain unauthorized access to the system and perform malicious activities.
AI Analysis
Technical Summary
CVE-2025-63226 identifies a critical vulnerability in the Sencore SMP100 SMP Media Platform, specifically affecting firmware versions V4.2.160, V60.1.4, and V60.1.29. The root cause is improper session management on the /UserManagement.html endpoint, which allows attackers who share the same network as a logged-in user to hijack the session. By leveraging this hijacked session, attackers can access the user management interface without additional authentication and add new users. This unauthorized user creation capability enables attackers to maintain persistent access and execute further malicious actions on the device, potentially compromising the system's confidentiality, integrity, and availability. The attack vector requires network proximity and access to an active session, implying that attackers must be on the same local network or have network-level access such as VPN or compromised internal segments. No user interaction is needed once the attacker has session access. Although no public exploits have been reported yet, the vulnerability poses a significant risk due to the ease of exploitation and the critical nature of the affected endpoint. The absence of a CVSS score necessitates an independent severity evaluation. This vulnerability is particularly concerning for organizations relying on the Sencore SMP100 platform for media processing or distribution, as unauthorized access could disrupt operations or lead to data breaches. The vulnerability was published on November 18, 2025, with the reservation date on October 27, 2025. No patches or mitigations have been officially released at the time of reporting, increasing the urgency for defensive measures.
Potential Impact
For European organizations, this vulnerability could lead to unauthorized access and control over critical media platform infrastructure, resulting in potential data breaches, service disruptions, and unauthorized content manipulation. The ability to add users without authentication undermines access controls and could facilitate lateral movement within corporate networks. Confidentiality is at risk as attackers could access sensitive configuration and user data. Integrity could be compromised by unauthorized changes to system settings or content distribution. Availability might be affected if attackers disrupt media services or lock out legitimate users. Organizations in broadcasting, media production, and content delivery sectors are especially vulnerable. The requirement for network proximity limits remote exploitation but does not eliminate risk, as attackers could gain internal network access through phishing, VPN compromise, or insider threats. The lack of known exploits suggests a window for proactive defense, but also means organizations should prioritize patching and monitoring to prevent future exploitation. Failure to address this vulnerability could lead to regulatory non-compliance under GDPR if personal or sensitive data is exposed.
Mitigation Recommendations
1. Implement strict network segmentation to isolate Sencore SMP100 devices from general user networks, limiting access to trusted administrators only.
2. Monitor network traffic for unusual access patterns to the /UserManagement.html endpoint, including unexpected user creation events.
3. Enforce strong internal access controls and multi-factor authentication on management interfaces where possible.
4. Restrict physical and network access to devices to prevent unauthorized local network presence.
5. Regularly audit user accounts on the platform to detect unauthorized additions or privilege escalations.
6. Engage with Sencore for firmware updates or patches addressing this vulnerability and apply them promptly once available.
7. Educate network administrators and security teams about the risk of session hijacking and the importance of session management hygiene.
8. Deploy network intrusion detection/prevention systems (IDS/IPS) tuned to detect session hijacking attempts or anomalous management interface activity.
9. Consider temporary compensating controls such as disabling remote management interfaces if not essential.
10. Maintain up-to-date asset inventories to quickly identify affected devices and prioritize remediation.
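One way to implement the monitoring in recommendation 2 is shown below. It is an added example, not code from the advisory or from Sencore. It assumes a proxy or network sensor in front of the device that writes one line per request in the constructed format shown, and a known administrator subnet; the function names and sample addresses are hypothetical.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

ENDPOINT = "/UserManagement.html"  # endpoint named in the advisory

# Constructed sample lines (not real traffic). Assumed format from a proxy or
# sensor in front of the device: ISO time, source, device, method, path, status
SAMPLE_LOG = """\
2025-11-18T09:00:02 10.20.0.5 10.30.0.10 GET /UserManagement.html 200
2025-11-18T09:00:40 10.20.0.5 10.30.0.10 GET /index.html 200
2025-11-18T09:03:11 10.40.7.23 10.30.0.10 GET /UserManagement.html 200
2025-11-18T09:03:15 10.40.7.23 10.30.0.10 GET /UserManagement.html?t=1 200
2025-11-18T14:00:00 10.20.0.6 10.30.0.11 GET /UserManagement.html 200
malformed line
"""

def parse(line):
    """Return (time, src, device, path) or None for lines that do not parse."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        ip_address(parts[1])
        ip_address(parts[2])
    except ValueError:
        return None
    return ts, parts[1], parts[2], parts[4].split("?", 1)[0]

def find_suspicious(log_text, admin_nets, window_s=600):
    """Flag endpoint hits from non-admin sources, and hits from a second
    source reaching the same device within window_s of another source."""
    nets = [ip_network(n) for n in admin_nets]
    findings, last_seen = [], {}  # last_seen: device -> {source: last time}
    for ts, src, dev, path in filter(None, map(parse, log_text.splitlines())):
        if path.lower() != ENDPOINT.lower():
            continue
        if not any(ip_address(src) in n for n in nets):
            findings.append(("unlisted-source", src, dev, ts.isoformat()))
        if any(s != src and (ts - t).total_seconds() <= window_s
               for s, t in last_seen.get(dev, {}).items()):
            findings.append(("second-source-in-window", src, dev, ts.isoformat()))
        last_seen.setdefault(dev, {})[src] = ts
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG, ["10.20.0.0/24"]):
        print(finding)
```

The second rule is a heuristic for one session being used from two hosts; tune `window_s` to the device's session lifetime and pair the alerts with the account audit in recommendation 5.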
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-10-27T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 691cc7215990fe54bdf056a1
Added to database: 11/18/2025, 7:21:05 PM
Last enriched: 11/18/2025, 7:36:05 PM
Last updated: 11/19/2025, 3:14:18 AM