Cyber Resilience

CVE-2019-25581

HighPublic PoC

Published: 21 March 2026

Published
21 March 2026
Modified
24 March 2026
KEV Added
Patch
CVSS Score v4 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0035 26.9th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2019-25581 is a high-severity SQL Injection (CWE-89) vulnerability in I-Doit I-Doit. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 26.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2019-25581 is an SQL injection vulnerability (CWE-89) in i-doit CMDB version 1.12. The flaw occurs through the objGroupID parameter, which fails to properly sanitize user input, allowing attackers to inject and execute arbitrary SQL queries. Affected systems include deployments of i-doit CMDB 1.12, with the vulnerability confirmed in the open-source edition available from SourceForge.

Unauthenticated attackers can exploit this vulnerability remotely over the network with low complexity, as indicated by its CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). By sending crafted GET requests containing malicious SQL payloads in the objGroupID parameter, attackers can extract sensitive database information, such as usernames, database names, and version details, potentially leading to high confidentiality impacts with low integrity impacts.

Advisories, including the VulnCheck report on the i-doit CMDB SQL injection via the objGroupID parameter, document the issue, while an Exploit-DB entry (46134) provides a public proof-of-concept. The official i-doit website and vulnerable version download are referenced for further verification; security practitioners should check these sources for any available patches or upgrades beyond version 1.12.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract…

more

sensitive database information including usernames, database names, and version details.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1213.006 Databases Collection
Adversaries may leverage databases to mine valuable information.
Why these techniques?

SQL injection in unauthenticated public-facing web application enables initial access via T1190 and data collection from databases via arbitrary SQL query execution (T1213.006).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2018-25199Shared CWE-89
CVE-2026-27179Shared CWE-89
CVE-2025-0308Shared CWE-89
CVE-2026-27885Shared CWE-89
CVE-2019-25479Shared CWE-89
CVE-2026-1476Shared CWE-89
CVE-2019-25526Shared CWE-89
CVE-2025-69365Shared CWE-89
CVE-2019-25573Shared CWE-89
CVE-2019-25643Shared CWE-89

Affected Assets

i-doit
i-doit
1.12

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 directly prevents SQL injection by requiring validation and sanitization of untrusted inputs like the objGroupID parameter to block arbitrary SQL query execution.

prevent

SI-2 mandates timely identification, reporting, and correction of known flaws such as the SQL injection vulnerability in i-doit CMDB 1.12.

prevent

RA-5 uses vulnerability scanning to detect SQL injection issues like CVE-2019-25581 in web applications and triggers remediation.

References