CVE-2019-25325
Published: 12 February 2026
Summary
CVE-2019-25325 is a high-severity SQL Injection (CWE-89) vulnerability in Cxsecurity (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 24.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2019-25325 is an SQL injection vulnerability (CWE-89) in Thrive Smart Home version 1.1, affecting the checklogin.php endpoint. The flaw arises from improper handling of the 'user' POST parameter, enabling attackers to inject malicious SQL payloads, such as ' or 1=1#, directly into login queries.
Unauthenticated attackers can exploit this vulnerability remotely over the network with low attack complexity and no user interaction or privileges required, as indicated by its CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). Successful exploitation allows bypassing authentication mechanisms, granting unauthorized access to the application and potentially exposing sensitive data with high confidentiality impact and low integrity impact.
Advisories and related resources, including those at https://cxsecurity.com/issue/WLB-2020010019, https://exchange.xforce.ibmcloud.com/vulnerabilities/173728, https://packetstorm.news/files/id/155797, https://www.exploit-db.com/exploits/47814, and https://www.vulncheck.com/advisories/thrive-smart-home-smart-home-improper-limitation-o, document the issue and provide exploit details, though specific patch or mitigation guidance is not detailed in the core CVE information.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-19447
Vulnerability details
Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1# to manipulate login queries…
more
and gain unauthorized access to the application.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in login endpoint allows unauthenticated remote exploitation of a public-facing web application to bypass authentication and gain unauthorized access.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires validation of untrusted inputs like the 'user' POST parameter in checklogin.php to block SQL injection payloads and prevent authentication bypass.
Mandates timely identification, reporting, and remediation of flaws such as the SQL injection vulnerability in CVE-2019-25325 via patching or secure code updates.
Enforces boundary protection at network interfaces using web application firewalls or similar to detect and block SQL injection attempts targeting the login endpoint.