CVE Daily

CVE-2025-7202

A Cross-Site Request Forgery (CSRF) in Elgato's Key Lights and related light pro...

Medium CVSS 5.1

Overview

A Cross-Site Request Forgery (CSRF) in Elgato's Key Lights and related light products allows an attacker to host a malicious webpage that remotely controlles the victim's lights.

CWE: CWE-352 Published: 2025-08-06T09:15:27.950
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 5.1 (MEDIUM)
  • Detected tags: csrf (tag impact: MODERATE)

Recommended actions:

  • CSRF tokens, SameSite=Strict for cookies, validate Origin/Referer.

Recommended tools

Tags