CVE-2019-25325 - Vulnerability Analysis
HighCVSS: 8.2Last Updated: February 13, 2026
Thrive Smart Home - Authentication Bypass
Published: February 12, 2026Updated: February 13, 2026Remote Exploitable
Overview
Thrive Smart Home 1.1 contains an sql injection caused by manipulation of the 'user' POST parameter in checklogin.php, letting unauthenticated attackers bypass authentication by injecting malicious SQL code.
Severity & Score
Severity: High
CVSS Score: 8.2
Impact
Unauthenticated attackers can bypass authentication and gain unauthorized access to the application.
Mitigation
Update to the latest version.
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/173728
- https://packetstorm.news/files/id/155797
- https://www.exploit-db.com/exploits/47814
- https://www.vulncheck.com/advisories/thrive-smart-home-smart-home-improper-limitation-o
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5554.php
- https://cxsecurity.com/issue/WLB-2020010019
Related Resources
Details
- CVE ID
- CVE-2019-25325
- Severity
- High
- CVSS Score
- 8.2
- Type
- sql_injection
- Status
- unconfirmed
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N