{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2019-25235","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2025-12-24T14:27:12.475Z","datePublished":"2025-12-24T19:27:55.565Z","dateUpdated":"2026-03-05T12:02:16.765Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-03-05T12:02:16.765Z"},"datePublic":"2019-11-05T00:00:00.000Z","title":"Smartwares HOME easy 1.0.9 Client-Side Authentication Bypass via Web Pages","descriptions":[{"lang":"en","value":"Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system information."}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Authorization Bypass Through User-Controlled Key","cweId":"CWE-639","type":"CWE"}]}],"affected":[{"vendor":"Smartwares","product":"Smartwares HOME easy","versions":[{"version":"1.0.9","status":"affected"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:smartwares:home_easy:1.0.9:*:*:*:*:*:*:*"}]}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.8,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS"},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"references":[{"url":"https://www.exploit-db.com/exploits/47595","name":"ExploitDB-47595","tags":["exploit"]},{"url":"https://www.smartwares.eu","name":"Official Product Homepage","tags":["product"]},{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5540.php","name":"Zero Science Lab Disclosure (ZSL-2019-5540)","tags":["third-party-advisory"]}],"credits":[{"lang":"en","value":"LiquidWorm as Gjoko Krstic of Zero Science Lab","type":"finder"}],"x_generator":{"engine":"vulncheck"}},"adp":[{"references":[{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5540.php","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-24T20:05:39.585497Z","id":"CVE-2019-25235","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-24T20:23:58.323Z"}}]}}