What is the CVSS score of CVE-2019-25500?

CVE-2019-25500 has a CVSS 3.1 base score of 8.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N. EPSS exploitation probability: 0.1%.

Which versions of Simplejobscript are affected by CVE-2019-25500?

A critical SQL injection vulnerability in Simple Job Script allows unauthenticated attackers to directly manipulate your database without credentials, potentially exposing or corrupting sensitive…

Is there a public PoC exploit available for CVE-2019-25500?

Yes, a public proof-of-concept exploit is available for CVE-2019-25500. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2019-25500?

Within 24 hours: Identify all instances of Simple Job Script in your environment and take affected systems offline or restrict network access to trusted IPs only. Within 7 days: Implement Web Application Firewall (WAF) rules to block SQL injection patterns in the employerid parameter, conduct database access logs review for suspicious queries, and assess whether data exfiltration has occurred. Within 30 days: Replace Simple Job Script with a patched or alternative solution, or apply vendor mitigations if available; validate all remediation with security testing.

Simplejobscript CVE-2019-25500

HIGH

SQL Injection (CWE-89)

2026-03-04 disclosure@vulncheck.com

SQLi Simplejobscript

8.2

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.2 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:05 vuln.today

PoC Detected

Mar 06, 2026 - 20:47 vuln.today

Public exploit code

CVE Published

Mar 04, 2026 - 18:16 nvd

HIGH 8.2

DescriptionCVE.org

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to extract sensitive data or modify database contents.

AnalysisAI

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. [CVSS 8.2 HIGH]

Technical ContextAI

Classified as CWE-89 (SQL Injection). Affects the employerid component of Simplejobscript. Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to extract sensitive data or modify database contents.

RemediationAI

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

CVE-2019-25500 vulnerability details – vuln.today

Back

Simplejobscript CVE-2019-25500

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code