Cyber Posture

CVE-2019-25325

Severity: High · Public PoC available

Published: 12 February 2026
Modified: 15 April 2026
KEV Added: (not recorded)
Patch: (not recorded)
CVSS Score: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
EPSS Score: 0.0047 (64.6th percentile)
Risk Priority: 17 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code such as ' or 1=1# to manipulate login queries and gain unauthorized access to the application.

Mitigating Controls (NIST 800-53 r5) [AI-generated]

- Control type: prevent. Requires validation of untrusted inputs such as the 'user' POST parameter in checklogin.php to block SQL injection payloads and prevent authentication bypass.
- Control type: prevent. Mandates timely identification, reporting, and remediation of flaws such as the SQL injection vulnerability in CVE-2019-25325 via patching or secure code updates.
- Control type: prevent. Enforces boundary protection at network interfaces using web application firewalls or similar to detect and block SQL injection attempts targeting the login endpoint.
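The following is an added illustration of the flaw class and the input-validation control above; it is not code from Thrive Smart Home or from this advisory. It uses an in-memory SQLite table with constructed rows, and because SQLite does not recognise MySQL's `#` comment, the demo payload uses `--` instead of the `' or 1=1#` string from the description.

```python
import re
import sqlite3

# Constructed stand-in for the application's user table (sample data, not from the advisory).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user TEXT, pass TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn

def vulnerable_login(conn, user, password):
    # Deliberately mirrors the flawed pattern: POST values concatenated into the SQL text,
    # so a quote in 'user' closes the literal and the rest is parsed as SQL.
    query = f"SELECT user FROM users WHERE user='{user}' AND pass='{password}'"
    return conn.execute(query).fetchone() is not None

# Allowlist for the username field (assumed policy for this demo): defence in depth,
# not a substitute for parameterised queries.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")

def hardened_login(conn, user, password):
    # Reject anything outside the allowlist before it reaches the database layer.
    if not USERNAME_RE.match(user):
        return False
    # Parameterised query: the driver binds the values, so quote characters are data, not SQL.
    row = conn.execute(
        "SELECT user FROM users WHERE user=? AND pass=?", (user, password)
    ).fetchone()
    return row is not None

# SQLite equivalent of the advisory's ' or 1=1# payload (comment syntax differs from MySQL).
BYPASS_PAYLOAD = "' OR 1=1 --"

def demo():
    conn = make_db()
    return {
        "vulnerable_bypass": vulnerable_login(conn, BYPASS_PAYLOAD, "wrong"),
        "hardened_bypass": hardened_login(conn, BYPASS_PAYLOAD, "wrong"),
        "hardened_valid": hardened_login(conn, "alice", "correct-horse"),
    }

if __name__ == "__main__":
    print(demo())
```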

Security Summary [AI-generated]

CVE-2019-25325 is an SQL injection vulnerability (CWE-89) in Thrive Smart Home version 1.1, affecting the checklogin.php endpoint. The flaw arises from improper handling of the 'user' POST parameter, enabling attackers to inject malicious SQL payloads, such as ' or 1=1#, directly into login queries.

Unauthenticated attackers can exploit this vulnerability remotely over the network with low attack complexity and no user interaction or privileges required, as indicated by its CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). Successful exploitation allows bypassing authentication mechanisms, granting unauthorized access to the application and potentially exposing sensitive data with high confidentiality impact and low integrity impact.

Advisories and related resources, including those at https://cxsecurity.com/issue/WLB-2020010019, https://exchange.xforce.ibmcloud.com/vulnerabilities/173728, https://packetstorm.news/files/id/155797, https://www.exploit-db.com/exploits/47814, and https://www.vulncheck.com/advisories/thrive-smart-home-smart-home-improper-limitation-o, document the issue and provide exploit details, though specific patch or mitigation guidance is not detailed in the core CVE information.

Details

CWE(s)

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why this technique? SQL injection in the login endpoint allows unauthenticated remote exploitation of a public-facing web application to bypass authentication and gain unauthorized access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References