CVE-2019-25375

6.1 MEDIUM

📋 TL;DR

CVE-2019-25375 is a reflected cross-site scripting vulnerability in OPNsense 19.1 that allows unauthenticated attackers to inject malicious JavaScript via the mailserver parameter in POST requests to the monit interface. The injected script executes in the browser of any user who visits a crafted URL. All OPNsense 19.1 users with the monit interface accessible are affected.

💻 Affected Systems

Products:
  • OPNsense
Versions: 19.1
Operating Systems: OPNsense (FreeBSD-based)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires monit interface to be accessible. Default configuration may expose this interface on management networks.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware via browser exploitation.

🟠 Likely Case

Session hijacking leading to unauthorized access to the firewall administration interface, potentially allowing further network compromise.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the specific user session that clicks the malicious link.

🌐 Internet-Facing: HIGH if monit interface is exposed to the internet, as unauthenticated attackers can craft malicious URLs targeting any user.
🏢 Internal Only: MEDIUM if only accessible internally, requiring attacker to be on the network or trick internal users into clicking malicious links.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit requires user interaction (clicking malicious link) but is trivial to craft. Public exploit code available at Exploit-DB.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 19.1.7 and later

Vendor Advisory: https://forum.opnsense.org/index.php?topic=11469.0

Restart Required: No

Instructions:

1. Update OPNsense via System → Firmware → Updates.
2. Click 'Check for updates'.
3. Install all available updates.
4. Reboot is recommended but not strictly required.

🔧 Temporary Workarounds

Restrict monit interface access

Platform: all

Block external access to the monit interface using firewall rules.

Add a firewall rule to block port 2812 (default monit port) from untrusted networks.

Disable monit service

Platform: FreeBSD (OPNsense shell)

Temporarily disable the monit monitoring service if it is not required.

ssh into OPNsense and run: service monit stop
To disable permanently: echo 'monit_enable="NO"' >> /etc/rc.conf.local

🧯 If You Can't Patch

  • Implement strict firewall rules to restrict monit interface access to trusted IP addresses only
  • Deploy web application firewall (WAF) rules to filter XSS payloads in POST parameters

🔍 How to Verify

Check if Vulnerable:

Check OPNsense version via web interface: System → Firmware → Status, or run: opnsense-version

Check Version:

opnsense-version

Verify Fix Applied:

Verify version is 19.1.7 or later. Test by attempting to inject basic XSS payload into mailserver parameter (in controlled environment).

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /monit/ with JavaScript in parameters
  • Multiple failed login attempts after monit interface access

Network Indicators:

  • HTTP requests containing <script> tags or JavaScript functions in POST data to port 2812

SIEM Query:

source="opnsense.log" AND ("mailserver" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload="))
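As an added example (not code from the original page or from the OPNsense project), a small Python scanner that applies the same markers as the SIEM query above to POST bodies recorded against the monit pages, and also catches double-URL-encoded payloads that a plain substring search would miss. The log line format, the /monit/settings path and the body="..." field are assumptions made for the constructed samples; real OPNsense web-GUI logs may not record POST bodies at all.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Markers taken from the page's SIEM query; compared case-insensitively after decoding.
XSS_MARKERS = ("<script", "javascript:", "onerror=", "onload=")

# Assumed log shape for the constructed samples below: Apache-style request line plus a
# body="..." field. The monit page path and body logging are assumptions, not OPNsense's format.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3})(?:\s+body="(?P<body>[^"]*)")?'
)

SAMPLE_LOGS = [
    '10.0.0.5 - - [01/May/2019:10:00:00 +0000] "POST /monit/settings HTTP/1.1" 200 '
    'body="mailserver=smtp.example.org&port=25"',
    '10.0.0.9 - - [01/May/2019:10:01:12 +0000] "POST /monit/settings HTTP/1.1" 200 '
    'body="mailserver=%3Cscript%3Ealert(1)%3C%2Fscript%3E&port=25"',
    '10.0.0.9 - - [01/May/2019:10:02:40 +0000] "POST /monit/settings HTTP/1.1" 200 '
    'body="mailserver=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E"',
    '10.0.0.7 - - [01/May/2019:10:03:05 +0000] "GET /monit/settings HTTP/1.1" 200',
]

def find_xss_params(body, rounds=3):
    """Return [(field, marker)] for each POST field whose decoded value carries a marker."""
    hits = []
    for name, values in parse_qs(body, keep_blank_values=True).items():
        for raw in values:
            val = raw  # parse_qs removed one layer of %-encoding; peel off any extra layers
            for _ in range(rounds):
                if unquote_plus(val) == val:
                    break
                val = unquote_plus(val)
            for marker in XSS_MARKERS:
                if marker in val.lower():
                    hits.append((name, marker))
                    break
    return hits

def scan_logs(lines, path_fragment="/monit/"):
    """Flag POSTs to the monit pages whose form fields contain XSS markers."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or path_fragment not in m["path"]:
            continue
        hits = find_xss_params(m["body"] or "")
        if hits:
            findings.append({"src": m["src"], "ts": m["ts"], "path": m["path"], "hits": hits})
    return findings
```

Running scan_logs(SAMPLE_LOGS) flags the second and third lines only; the benign save and the GET are ignored.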
