What is the CVSS score of CVE-2019-25527?

CVE-2019-25527 has a CVSS 3.1 base score of 8.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N. EPSS exploitation probability: 0.2%.

Is there a public PoC exploit available for CVE-2019-25527?

Yes, a public proof-of-concept exploit is available for CVE-2019-25527. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2019-25527?

Within 24 hours: Inventory all systems running Inout EasyRooms Ultimate Edition v1.0 and isolate them from production networks if possible; enable detailed logging on affected systems. Within 7 days: Deploy WAF rules to block SQL injection patterns in the numguest parameter; implement network segmentation to restrict database access; contact Inout for patch timeline and workaround options. Within 30 days: Either apply a vendor patch when available or evaluate replacement solutions; conduct forensic audit to detect any prior exploitation.

CVE-2019-25527

HIGH

SQL Injection (CWE-89)

2026-03-12 disclosure@vulncheck.com

SQLi Information Disclosure

8.2

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.2 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

PoC Detected

Mar 12, 2026 - 21:07 vuln.today

Public exploit code

Analysis Generated

Mar 12, 2026 - 19:57 vuln.today

CVE Published

Mar 12, 2026 - 16:16 nvd

HIGH 8.2

DescriptionCVE.org

Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads to bypass authentication, extract sensitive data, or modify database contents.

AnalysisAI

Technical ContextAI

Classified as CWE-89 (SQL Injection). Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads to bypass authentication, extract sensitive data, or modify database contents.

Affected ProductsAI

Component: numguest.

RemediationAI

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

CVE-2019-25527 vulnerability details – vuln.today

Back

CVE-2019-25527

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code