How to fix CVE-2019-25298?

Within 24 hours: Inventory all systems running html5_snmp 1.11 and isolate affected assets from production networks if possible. Within 7 days: Implement WAF rules to block malicious SQL injection patterns targeting Router_ID and Router_IP parameters; restrict network access to html5_snmp interfaces to trusted IP ranges only. Within 30 days: Migrate to an alternative vendor solution or a patched version once available; conduct forensic audit of database logs for evidence of exploitation.

Is Snmp affected by CVE-2019-25298?

A critical SQL injection vulnerability in html5_snmp 1.11 allows attackers to manipulate database queries and potentially gain unauthorized access to sensitive data or system control.

CVE-2019-25298

CRITICAL

2026-02-06 [email protected]

9.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Mar 02, 2026 - 15:16 vuln.today

Public exploit code

CVE Published

Feb 06, 2026 - 17:16 nvd

CRITICAL 9.1

Description

html5_snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through Router_ID and Router_IP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by sending crafted payloads.

Analysis

html5_snmp 1.11 has multiple SQL injection vulnerabilities allowing attackers to manipulate SNMP monitoring database queries.

Technical Context

html5_snmp 1.11 has multiple CWE-89 SQL injection vulnerabilities that allow attackers to inject SQL commands and extract or modify SNMP monitoring data.

Affected Products

['html5_snmp 1.11']

Remediation

Update the software. Parameterize all SQL queries.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +46

POC: +20

CVE-2019-25298 vulnerability details – vuln.today

Back

CVE-2019-25298

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2019-25298

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code