Skip to main content

CVE-2025-7202: CWE-352 Cross-Site Request Forgery (CSRF) in Elgato Key Light

Medium
VulnerabilityCVE-2025-7202cvecve-2025-7202cwe-352
Published: Wed Aug 06 2025 (08/06/2025, 08:28:23 UTC)
Source: CVE Database V5
Vendor/Project: Elgato
Product: Key Light

Description

A Cross-Site Request Forgery (CSRF) in Elgato's Key Lights and related light products allows an attacker to host a malicious webpage that remotely controlles the victim's lights.

AI-Powered Analysis

AILast updated: 08/06/2025, 09:02:54 UTC

Technical Analysis

CVE-2025-7202 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Elgato's Key Light and related lighting products. This vulnerability allows an attacker to craft a malicious webpage that, when visited by a victim, can remotely control the victim's Key Light devices without their consent. The attack exploits the lack of proper CSRF protections in the device's web interface or control API, enabling unauthorized commands to be executed. Since the vulnerability requires the victim to visit a malicious webpage (user interaction), and no authentication or privileges are required for exploitation, the attack surface is broad. The CVSS 4.0 score of 5.1 (medium severity) reflects the network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but user interaction is necessary (UI:A). The impact on confidentiality is none, but integrity is low due to unauthorized control of device state, and availability is not affected. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability is classified under CWE-352, which is a common web security weakness related to CSRF attacks. The affected version is listed as '0', which likely indicates all current versions or an unspecified version range. The vulnerability was published on August 6, 2025, and assigned by the security firm Toreon.

Potential Impact

For European organizations, especially those using Elgato Key Light devices in office environments, broadcast studios, or remote work setups, this vulnerability could lead to unauthorized manipulation of lighting systems. While the direct impact on critical business operations is limited, the ability to control lighting remotely could be leveraged for social engineering, distraction, or as part of a broader attack chain. For example, attackers could disrupt video conferences or presentations by turning lights on/off or changing brightness, potentially causing operational disruptions or reputational damage. Since the vulnerability requires user interaction (visiting a malicious webpage), phishing campaigns targeting employees could be an effective attack vector. The lack of confidentiality impact means sensitive data is not directly at risk, but integrity of device control is compromised. Organizations with strict security policies and awareness training may reduce risk, but those with less mature cybersecurity postures could be more vulnerable. The absence of patches means mitigation relies on network and endpoint controls. Given the increasing use of smart office devices in Europe, this vulnerability could affect a wide range of sectors including media, corporate offices, and remote work environments.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should implement the following specific measures: 1) Network segmentation: Isolate Key Light devices on a separate VLAN or network segment with restricted access to reduce exposure to malicious web content. 2) Web filtering and URL reputation services: Block access to known malicious websites and implement browser security policies to prevent employees from visiting untrusted sites that could host CSRF attack pages. 3) Endpoint security: Deploy browser security extensions or endpoint protection solutions that can detect and block CSRF attack patterns or suspicious web requests. 4) User awareness training: Educate employees about the risks of visiting untrusted websites and the potential for smart device manipulation via CSRF. 5) Device configuration review: Check if the Key Light devices support any firmware updates or configuration options to enable CSRF protections or require authentication for remote control. 6) Monitor network traffic for unusual commands sent to Key Light devices, which could indicate exploitation attempts. 7) Engage with Elgato support to obtain information on upcoming patches or firmware updates addressing this vulnerability and plan timely deployment once available.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
Toreon
Date Reserved
2025-07-07T09:57:43.476Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 689316b1ad5a09ad00efb4ce

Added to database: 8/6/2025, 8:47:45 AM

Last enriched: 8/6/2025, 9:02:54 AM

Last updated: 8/16/2025, 10:22:40 AM

Views: 21

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats