What is the CVSS score of CVE-2019-25298?

CVE-2019-25298 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of SNMP are affected by CVE-2019-25298?

A critical SQL injection vulnerability in html5_snmp 1.11 allows attackers to manipulate database queries and potentially gain unauthorized access to sensitive data or system control.

Is there a public PoC exploit available for CVE-2019-25298?

Yes, a public proof-of-concept exploit is available for CVE-2019-25298. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2019-25298?

Within 24 hours: Inventory all systems running html5_snmp 1.11 and isolate affected assets from production networks if possible. Within 7 days: Implement WAF rules to block malicious SQL injection patterns targeting Router_ID and Router_IP parameters; restrict network access to html5_snmp interfaces to trusted IP ranges only. Within 30 days: Migrate to an alternative vendor solution or a patched version once available; conduct forensic audit of database logs for evidence of exploitation.

SNMP CVE-2019-25298

CRITICAL

SQL Injection (CWE-89)

2026-02-06 disclosure@vulncheck.com

SNMP SQLi Html5 Snmp

9.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.1 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Mar 02, 2026 - 15:16 vuln.today

Public exploit code

CVE Published

Feb 06, 2026 - 17:16 nvd

CRITICAL 9.1

DescriptionCVE.org

html5_snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through Router_ID and Router_IP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by sending crafted payloads.

AnalysisAI

html5_snmp 1.11 has multiple SQL injection vulnerabilities allowing attackers to manipulate SNMP monitoring database queries.

Technical ContextAI

html5_snmp 1.11 has multiple CWE-89 SQL injection vulnerabilities that allow attackers to inject SQL commands and extract or modify SNMP monitoring data.

RemediationAI

Update the software. Parameterize all SQL queries.

CVE-2019-25298 vulnerability details – vuln.today

Back

SNMP CVE-2019-25298

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code