CVE-2019-25494 - Vulnerability Analysis
HighCVSS: 8.2Last Updated: February 27, 2026
Homey BNB - Authentication Bypass
Published: February 27, 2026Updated: February 27, 2026Remote Exploitable
Overview
Homey BNB V4 contains an sql injection caused by injection of SQL syntax into username and password fields in the administration panel login, letting unauthenticated attackers bypass authentication and gain admin access, exploit requires crafted input in login fields.
Severity & Score
Severity: High
CVSS Score: 8.2
Impact
Unauthenticated attackers can bypass authentication and gain unauthorized admin panel access.
Mitigation
Update to the latest version with SQL injection fixes.
References
Related Resources
Details
- CVE ID
- CVE-2019-25494
- Severity
- High
- CVSS Score
- 8.2
- Type
- sql_injection
- Status
- new
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N