Authentication Bypass in Smartwares HOME Product
CVE-2019-25235

8.8HIGH

Key Information:

Vendor

Smartwares

Status
Smartwares Home Easy
Vendor
CVE Published:
24 December 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2019-25235?

Smartwares HOME version 1.0.9 is susceptible to an authentication bypass vulnerability. This flaw enables unauthenticated attackers to disable JavaScript, granting them access to administrative web pages. By circumventing client-side validation, attackers can navigate through various administrative endpoints, potentially exposing sensitive system data. This risk highlights the critical importance of server-side security measures to protect against unauthorized access.

Affected Version(s)

Smartwares HOME easy 1.0.9

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-25235 - Proof of Concept

References

https://www.exploit-db.com/exploits/47595
exploit
https://www.smartwares.eu
product
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-55...
third-party-advisory

CVSS V4

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

LiquidWorm as Gjoko Krstic of Zero Science Lab
JSON
.
CVE-2019-25235 : Authentication Bypass in Smartwares HOME Product