CVE-2019-25379
Published: 16 February 2026
Summary
CVE-2019-25379 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in Smoothwall Smoothwall Express. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Session Hijacking (T1185); ranked at the 14.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
CVE-2019-25379 is a stored and reflected cross-site scripting (XSS) vulnerability (CWE-79) affecting Smoothwall Express version 3.1-SP4-polar-x86_64-update9, specifically in the urlfilter.cgi endpoint. The flaw allows attackers to inject malicious scripts by submitting POST requests containing script payloads in the REDIRECT_PAGE or CHILDREN parameters. It has a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N), indicating network accessibility, low attack complexity, no privileges or user interaction required, and a change in scope with low impacts to confidentiality and integrity.
Unauthenticated remote attackers can exploit this vulnerability to execute arbitrary JavaScript in the browsers of users accessing the affected Smoothwall Express interface. By crafting POST requests with malicious payloads, attackers can achieve reflected XSS for immediate execution upon submission or stored XSS for persistence, potentially leading to session hijacking, data theft, or further phishing attacks against administrative users.
Advisories and references, including those from Vulncheck and the Smoothwall website, detail the vulnerability, while a proof-of-concept exploit is available on Exploit-DB (ID 46333). No specific patch or mitigation details are outlined in the provided information, but security practitioners should consult these sources for updates and apply vendor-recommended fixes to the urlfilter.cgi endpoint. A public PoC indicates potential for real-world exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-19620
Vulnerability details
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECT_PAGE or CHILDREN parameters to execute arbitrary JavaScript in…
more
user browsers.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
XSS enables browser session hijacking via arbitrary JS execution for cookie theft or account takeover on the web UI.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation and sanitization of untrusted inputs (REDIRECT_PAGE/CHILDREN parameters) to block script injection into urlfilter.cgi.
Requires filtering of information outputs to remove or neutralize malicious scripts before they reach user browsers in stored or reflected XSS scenarios.
Provides malicious-code detection and blocking mechanisms that can identify and stop injected JavaScript payloads at the application boundary.