CVE-2019-25422
Published: 19 February 2026
Summary
CVE-2019-25422 is a Cross-site Scripting (CWE-79) vulnerability in Comodo Dome Firewall 2.7.0. The summary score given here is CVSS 5.3 (Medium); note that the CVSS v3.1 vector quoted in the deeper analysis below computes to 7.2 (High), so the two severity figures on this page do not agree.
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 6.3rd percentile by exploit likelihood (well below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
Comodo Dome Firewall version 2.7.0 contains cross-site scripting vulnerabilities (CWE-79) in the vpnfw endpoint. These flaws allow attackers to inject malicious scripts via POST requests, enabling reflected XSS through the target parameter or stored XSS through the remark parameter. The issues result in the execution of arbitrary JavaScript code within the browsers of administrators, with a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).
Remote attackers with network access to the administrative interface can exploit these flaws; the quoted vector records no authentication requirement (PR:N). A crafted POST to the vpnfw endpoint carrying a script payload in the target parameter is reflected straight back into the response, while a payload in the remark parameter is persisted and rendered on every later view of the page. Either way the JavaScript runs in an administrator's browser with the administrator's session, so it can read data from the interface or issue configuration changes on the attacker's behalf. One practical caveat: because the reflected variant is driven by a POST rather than a link, an attacker normally has to get an administrator to submit the crafted request (for example from an attacker-controlled page that auto-submits a form), whereas the stored variant fires without any further interaction once the remark has been written.
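The following detection example is added here and is not code from the page, from Comodo, or from the referenced advisories. It assumes a reverse proxy or WAF in front of the admin interface that logs POST bodies in the constructed one-line format shown (the firewall's own web log is unlikely to record form bodies); the path /vpnfw is a placeholder, since the page names only the endpoint, not its full URL. The scan flags POSTs to the endpoint whose target or remark value decodes to markup or script, and labels each hit as the reflected or stored variant the page associates with that parameter.

```python
import re
from urllib.parse import parse_qs

# Constructed sample log (not real Comodo output). Assumed format:
#   <timestamp> <client-ip> <METHOD> <path> <url-encoded form body or "-">
# as a reverse proxy or WAF in front of the admin UI might record it when it is
# configured to log request bodies. "/vpnfw" is a placeholder path: the page
# only names the endpoint "vpnfw", not its full URL.
SAMPLE_LOG = """\
2026-02-19T10:14:02Z 203.0.113.7 POST /vpnfw target=10.0.0.1&remark=HQ+link
2026-02-19T10:14:09Z 203.0.113.7 GET /vpnfw -
2026-02-19T10:15:31Z 198.51.100.9 POST /vpnfw target=%3Cscript%3Ealert(1)%3C%2Fscript%3E&remark=x
2026-02-19T10:16:02Z 198.51.100.9 POST /vpnfw target=10.0.0.2&remark=%22%3E%3Cimg+src%3Dx+onerror%3Dalert(1)%3E
2026-02-19T10:17:45Z 203.0.113.7 POST /status target=%3Cb%3Ex%3C%2Fb%3E&remark=y
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<body>\S+)$"
)
# Script indicators checked on the URL-decoded value: a tag opener, a
# javascript: URL, or an on*= event-handler attribute.
XSS_RE = re.compile(r"<\s*/?\s*[a-z!]|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)

# The page ties "target" to the reflected variant and "remark" to the stored one.
WATCHED = {"target": "reflected", "remark": "stored"}


def scan_log(text: str, endpoint: str = "vpnfw") -> list:
    """Return (timestamp, client, parameter, variant, decoded value) for every
    POST to a path containing `endpoint` whose watched parameters carry markup."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or endpoint not in m["path"]:
            continue  # GETs carry no form body; other paths are out of scope here
        fields = parse_qs(m["body"], keep_blank_values=True)  # decodes %xx and '+'
        for name, variant in WATCHED.items():
            for value in fields.get(name, []):
                if XSS_RE.search(value):
                    findings.append((m["ts"], m["client"], name, variant, value))
    return findings


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(*hit)
```

Two caveats when running this against real traffic: the pattern list is deliberately narrow and will both miss encoded or obfuscated payloads and occasionally flag benign text (any value beginning with "on" followed by "="), so treat hits as triage leads; and a stored payload appears in the log exactly once but executes on every later administrator page view, so after a hit on remark also inspect the persisted remark values in the firewall's VPN configuration.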
Advisories detail the vulnerabilities, including a proof-of-concept exploit published on Exploit-DB at https://www.exploit-db.com/exploits/46408 and a Vulncheck advisory at https://www.vulncheck.com/advisories/comodo-dome-firewall-cross-site-scripting-via-vpnfw. Additional references include Comodo product pages at https://cdome.comodo.com/firewall/ and https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-19650
Vulnerability details
Comodo Dome Firewall 2.7.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the vpnfw endpoint. Attackers can submit POST requests with script payloads in the target parameter for reflected XSS or the remark parameter for stored XSS to execute arbitrary JavaScript in administrator browsers.
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1190 Exploit Public-Facing Application
Why these techniques?
XSS in the public-facing firewall administration interface is exploitation of a public-facing application: the attacker's script runs in the administrator's browser, inside the administrative session.
Affected Assets
- Comodo Dome Firewall 2.7.0
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): validate every input to the vpnfw endpoint before it is processed or stored. This works well for target, whose legitimate values have a narrow shape, but remark is free text, so validation alone cannot neutralize it without rejecting legitimate content.
- SI-15 (Information Output Filtering): encode or filter administrative web responses at the point where request data or stored values are written into HTML, so that injected script from either the reflected or the stored variant is rendered as text rather than executed. This is the control that actually closes CWE-79.
- A malicious-code inspection and filtering capability at the web interface boundary can be configured to detect and block common XSS patterns; treat it as defense in depth, since pattern filters are bypassable and output encoding remains the primary fix.
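The example below is added to illustrate both the exploitation mechanics described in the deeper analysis and the SI-10/SI-15 controls listed above; it is not Comodo's code and does not reproduce the real vpnfw handler. It is a minimal Python stand-in that takes the two POST parameters the page names, target (reflected into the response) and remark (persisted and rendered on later views), with a list standing in for the firewall's configuration store. The assumption that target is an IPv4 address or hostname is mine; the payload and the benign remark are constructed. The vulnerable function echoes both fields unencoded, and the hardened one validates target on input and HTML-encodes both fields on output.

```python
import html
import re

# Added example, not Comodo's code: a stand-in for a vpnfw-style form handler.
# "store" models the firewall's configuration store for remarks. Field semantics
# (target = IPv4 or hostname, remark = free text) are assumptions.

XSS_PAYLOAD = "<script>alert(document.cookie)</script>"  # generic, constructed
LEGIT_REMARK = "Site-to-site <1Gbps> link to HQ"         # benign text containing '<'


def render_vpnfw_vulnerable(target: str, remark: str, store: list) -> str:
    """CWE-79 pattern: both parameters land in the HTML without any encoding."""
    store.append(remark)  # stored variant: replays to every later viewer
    rows = "".join(f"<li>{r}</li>" for r in store)
    return f"<p>Target: {target}</p><ul>{rows}</ul>"  # reflected variant


# SI-10 (input validation): "target" is assumed to be an IPv4 address or a
# hostname, so anything outside that shape is rejected before use or storage.
_OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_TARGET_RE = re.compile(
    r"^(?:" + _OCTET + r"(?:\." + _OCTET + r"){3}"   # IPv4
    + r"|" + _LABEL + r"(?:\." + _LABEL + r")*)$"    # hostname
)


def validate_target(target: str) -> str:
    """Accept the value only if it has the narrow shape a target should have."""
    if not _TARGET_RE.fullmatch(target):
        raise ValueError("target must be an IPv4 address or hostname")
    return target


# SI-15 (output filtering): "remark" is free text, so it cannot be validated
# without rejecting legitimate input such as LEGIT_REMARK. It is stored raw and
# HTML-encoded at the point where it is written into the page, as is target.
def render_vpnfw_hardened(target: str, remark: str, store: list) -> str:
    safe_target = validate_target(target)
    store.append(remark)
    rows = "".join(f"<li>{html.escape(r, quote=True)}</li>" for r in store)
    return f"<p>Target: {html.escape(safe_target, quote=True)}</p><ul>{rows}</ul>"


if __name__ == "__main__":
    print(render_vpnfw_vulnerable("10.0.0.1", XSS_PAYLOAD, []))
    print(render_vpnfw_hardened("10.0.0.1", XSS_PAYLOAD, []))
```

The split between the two fields is the point: validation is the right tool where the legitimate input space is small (target), while the free-text field (remark) has to be neutralized by contextual encoding at output time, and that encoding must be applied to the stored values on every render, not only to the request that wrote them.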