CVE-2019-25405
Published: 19 February 2026
Summary
CVE-2019-25405 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in Comodo Dome Firewall. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 2.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
CVE-2019-25405 is a stored cross-site scripting (XSS) vulnerability, classified under CWE-79, affecting Comodo Dome Firewall version 2.7.0. The issue arises from insufficient input validation on the newLicense parameter in the license activation endpoint, enabling attackers to inject malicious scripts via crafted POST requests.
Unauthenticated attackers with network access can exploit this vulnerability by submitting POST requests containing JavaScript payloads in the newLicense field. When administrators access the affected interface, the stored payload executes arbitrary JavaScript in their browsers, potentially leading to session hijacking, data theft, or further compromise. The CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) reflects its high severity due to remote, low-complexity exploitation with a changed scope.
Resources include a proof-of-concept exploit published on Exploit-DB (https://www.exploit-db.com/exploits/46408) and an advisory from Vulncheck detailing the stored XSS via license activation (https://www.vulncheck.com/advisories/comodo-dome-firewall-stored-cross-site-scripting-via-licenseactivation). Additional references link to the Comodo Dome Firewall product page (https://cdome.comodo.com/firewall/) and a purchase endpoint (https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278), though specific patch or mitigation guidance is not outlined in the available details.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-19655
Vulnerability details
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the newLicense parameter. Attackers can send POST requests to the license activation endpoint with script payloads in the newLicense field to execute arbitrary JavaScript in administrators' browsers.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stored XSS in a public-facing web interface directly enables T1190 exploitation; the injected payloads execute as JavaScript (T1059.007) in administrators' browsers.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation of the newLicense input parameter to reject or sanitize script payloads before they are stored and later rendered.
- SI-15 (Information Output Filtering): requires filtering of information output (license data displayed to admins) to neutralize stored script content and block execution in the browser.
- Malicious-code inspection or filtering rules on web inputs/outputs can block or alert on XSS payloads at the license activation endpoint.
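The two controls named above (SI-10 input validation and SI-15 output filtering) are easiest to see side by side in code. The block below is an added example written for this page, not Comodo's code and not taken from the referenced advisory or proof-of-concept: it shows a license-activation handler that allowlists the newLicense value before storing it, and HTML-encodes the stored value at render time so that anything that reached storage without validation is displayed as text rather than executed. The license-key format, the handler names (activate_license, admin_license_view) and the sample inputs are assumptions; the real product's key format and endpoint are not given on the page.

```python
"""Added example (not Comodo's code): input validation (SI-10) and output
encoding (SI-15) for a license-activation field such as newLicense.
The license-key format, handler names and sample values are assumptions."""
import html
import re

# Assumed license-key format: groups of uppercase letters/digits joined by hyphens.
# The real Comodo format is not given on the page; this is a constructed allowlist.
LICENSE_KEY_RE = re.compile(r"^[A-Z0-9]{4,8}(?:-[A-Z0-9]{4,8}){1,7}$")


class LicenseValidationError(ValueError):
    """Raised when the submitted license key fails allowlist validation."""


def validate_license_key(raw: str) -> str:
    """SI-10: accept only values that match the expected key format.
    Returns the normalized key or raises LicenseValidationError."""
    if not isinstance(raw, str) or len(raw) > 64:
        raise LicenseValidationError("license key missing or too long")
    key = raw.strip().upper()
    if not LICENSE_KEY_RE.fullmatch(key):
        raise LicenseValidationError("license key has unexpected characters or format")
    return key


def render_license_cell(stored_value: str) -> str:
    """SI-15: HTML-encode the stored value at the point it is rendered, so that a
    value that bypassed validation is shown as text in the admin page, not executed."""
    return "<td>" + html.escape(stored_value, quote=True) + "</td>"


# Simulated storage for the license value (constructed; no real backend).
_license_store = {}


def activate_license(post_form: dict) -> dict:
    """Handle a license-activation POST. Returns a result dict instead of an HTTP
    response so the logic can be exercised offline."""
    try:
        key = validate_license_key(post_form.get("newLicense", ""))
    except LicenseValidationError as exc:
        return {"status": 400, "stored": False, "error": str(exc)}
    _license_store["newLicense"] = key
    return {"status": 200, "stored": True, "key": key}


def admin_license_view() -> str:
    """Render the stored license the way an admin page would, encoding on output."""
    return render_license_cell(_license_store.get("newLicense", ""))


if __name__ == "__main__":
    # Constructed inputs: a well-formed key and a script-tag probe string.
    print(activate_license({"newLicense": "ABCD-EFGH-1234"}))
    print(activate_license({"newLicense": "<script>alert(1)</script>"}))
    # Even if a raw value had bypassed validation, output encoding neutralizes it:
    print(render_license_cell("<script>alert(1)</script>"))
```

The two layers are deliberately independent: validation rejects the probe at the endpoint, and encoding on output means a stored value is rendered inert even if a future code path writes to the store without going through validate_license_key.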