Cyber Resilience

CVE-2019-25298

High · Public PoC

Published: 06 February 2026

Modified: 02 March 2026
CVSS Score v4: 7.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0037 (28.8th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2019-25298 is a high-severity SQL Injection (CWE-89) vulnerability in Lolypop55 Html5 Snmp. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 28.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2019-25298 affects html5_snmp version 1.11 and consists of multiple SQL injection vulnerabilities in the Router_ID and Router_IP parameters. These flaws allow attackers to manipulate database queries using error-based, time-based, and union-based injection techniques. By sending crafted payloads, attackers can potentially extract or modify database information. The vulnerability is rated with a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) and is associated with CWE-89.

Remote attackers can exploit this vulnerability over the network with low attack complexity, requiring no privileges or user interaction. Unauthenticated adversaries can target the affected parameters in requests to inject malicious SQL, enabling them to alter database queries and achieve high impacts on integrity and availability, such as modifying or disrupting data.

Advisories and related resources include the VulnCheck advisory on the htmlsnmp Router_ID SQL injection at https://www.vulncheck.com/advisories/htmlsnmp-routerid-sql-injection, a public exploit on Exploit-DB at https://www.exploit-db.com/exploits/47588, and the project repository at https://github.com/lolypop55/html5_snmp. Practitioners should consult these for mitigation guidance and patching details.

Vulnerability details

html5_snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through Router_ID and Router_IP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by sending crafted payloads.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated remote SQL injection in a public-facing web app (html5_snmp) directly enables exploitation over the network, matching T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24956 (Shared CWE-89)
CVE-2026-33615 (Shared CWE-89)
CVE-2025-28939 (Shared CWE-89)
CVE-2021-47872 (Shared CWE-89)
CVE-2025-28873 (Shared CWE-89)
CVE-2019-25636 (Shared CWE-89)
CVE-2026-32611 (Shared CWE-89)
CVE-2026-42755 (Shared CWE-89)
CVE-2024-53544 (Shared CWE-89)
CVE-2026-21410 (Shared CWE-89)

Affected Assets

lolypop55
html5 snmp
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly prevents SQL injection by validating Router_ID and Router_IP parameters against malicious payloads using defined tools and procedures.

prevent

Mandates identification, reporting, and correction of the specific SQL injection flaws in html5_snmp version 1.11.

prevent

Mitigates error-based SQL injection by suppressing discernible database error messages that could aid attackers.
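
The three controls above, combined in one request handler, as an added example that is not code from html5_snmp or from this advisory. It assumes a hypothetical `routers` table and hypothetical function names, and uses Python with SQLite as a stand-in for the application's own stack: Router_ID and Router_IP are allow-list validated, the query uses bound parameters, and database errors never reach the client.

```python
import ipaddress
import sqlite3

class InvalidRouterInput(ValueError):
    """Router_ID or Router_IP failed allow-list validation."""

def parse_router_id(raw):
    # Only a short run of ASCII digits is accepted; everything else is rejected.
    if not (isinstance(raw, str) and raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise InvalidRouterInput("Router_ID must be a decimal integer")
    return int(raw)

def parse_router_ip(raw):
    # IPv6 scope ids ("%zone") may carry arbitrary characters, so refuse them.
    if not isinstance(raw, str) or "%" in raw:
        raise InvalidRouterInput("Router_IP must be a plain IP address")
    try:
        return str(ipaddress.ip_address(raw))  # canonical form
    except ValueError:
        raise InvalidRouterInput("Router_IP must be a plain IP address") from None

def lookup_router(conn, raw_id, raw_ip):
    """Return (http_status, rows) for a hypothetical router lookup endpoint."""
    try:
        router_id = parse_router_id(raw_id)
        router_ip = parse_router_ip(raw_ip)
    except InvalidRouterInput:
        return 400, []  # input validation: reject before touching the database
    try:
        # Bound parameters: values are never concatenated into the SQL text.
        rows = conn.execute(
            "SELECT id, ip, name FROM routers WHERE id = ? AND ip = ?",
            (router_id, router_ip),
        ).fetchall()
    except sqlite3.Error:
        return 500, []  # generic failure: no database error text for the client
    return 200, rows

def demo_db():
    # Constructed sample data using documentation-range addresses.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE routers (id INTEGER PRIMARY KEY, ip TEXT, name TEXT)")
    conn.executemany("INSERT INTO routers VALUES (?, ?, ?)",
                     [(1, "192.0.2.1", "edge-1"), (2, "192.0.2.2", "edge-2")])
    return conn

if __name__ == "__main__":
    db = demo_db()
    print(lookup_router(db, "1", "192.0.2.1"))
    print(lookup_router(db, "1 OR 1=1", "192.0.2.1"))
```

Validation and parameter binding are deliberately both present: either one alone stops the injection in this lookup, and keeping both means a later change to one does not reopen the flaw.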
