What is CVE-2019-25675?

CVE-2019-25675 is a high-severity vulnerability in Edirectory, classified under SQL Injection. CVSS score: 8.2/10. Published 2026-04-05.

How severe is CVE-2019-25675?

High severity. CVSS v3 base score is 8.2 out of 10.

SQL Injection in Edirectory

CVE-2019-25675

eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parame…

Vulnerability class: SQL Injection

EPSS: 0.002 (36.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N.

Affected products

Edirectory — versions 1.0

Weakness classification (CWE)

CWE-89 — SQL Injection

References

ExploitDB-46423 (exploit)
Official Product Homepage (product)
VulnCheck Advisory: eDirectory All Versions SQL Injection Authentication Bypass (third-party-advisory)

Frequently asked questions

What is CVE-2019-25675?: CVE-2019-25675 is a high-severity vulnerability in Edirectory, classified under SQL Injection. CVSS score: 8.2/10. Published 2026-04-05.
How severe is CVE-2019-25675?: High severity. CVSS v3 base score is 8.2 out of 10.