What is the CVSS score of CVE-2019-25494?

CVE-2019-25494 has a CVSS 3.1 base score of 8.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N. EPSS exploitation probability: 0.3%.

Which versions of Airbnb Clone Script are affected by CVE-2019-25494?

Homey BNB V4 contains a critical SQL injection flaw in the administration panel that allows attackers to bypass login controls without credentials, potentially granting unauthorized access to…

Is there a public PoC exploit available for CVE-2019-25494?

Yes, a public proof-of-concept exploit is available for CVE-2019-25494. Prioritise patching immediately. EPSS: 0.3%.

How to fix or mitigate CVE-2019-25494?

Within 24 hours: Immediately isolate or take offline any Homey BNB V4 instances connected to production networks; audit access logs for suspicious authentication attempts or SQL injection patterns. Within 7 days: Evaluate alternative property management solutions or contact vendor for emergency patching timeline; implement network segmentation to restrict admin panel access to trusted IP ranges only. Within 30 days: Deploy or upgrade to patched version if available; conduct full security audit of affected systems for unauthorized access; reset all administrative credentials.

Airbnb Clone Script CVE-2019-25494

HIGH

SQL Injection (CWE-89)

2026-02-27 disclosure@vulncheck.com

SQLi Authentication Bypass Airbnb Clone Script

8.2

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.2 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

PoC Detected

Mar 13, 2026 - 14:37 vuln.today

Public exploit code

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Feb 27, 2026 - 18:16 nvd

HIGH 8.2

DescriptionCVE.org

Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the authentication query and gain unauthorized access to the admin panel.

AnalysisAI

Technical ContextAI

Classified as CWE-89 (SQL Injection). Affects administration panel login. Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the authentication query and gain unauthorized access to the admin panel.

RemediationAI

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

CVE-2019-25494 vulnerability details – vuln.today

Back

Airbnb Clone Script CVE-2019-25494

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code