← back
CVE-2019-25235

Smartwares HOME easy 1.0.9 Client-Side Authentication Bypass via Web Pages

CVSS 8.8 HIGHEPSS 0.4%CWE-639
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
24 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system information.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
Smartwares · Smartwares HOME easy

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/47595https://www.smartwares.euhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5540.php