CVE-2019-25402
📋 TL;DR
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability in the login page's username parameter. Unauthenticated attackers can inject malicious JavaScript that executes in victims' browsers when they visit a crafted login URL. This affects all users of Comodo Dome Firewall 2.7.0 who have the firewall's web interface accessible.
💻 Affected Systems
- Comodo Dome Firewall
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware on administrator workstations.
Likely Case
Session hijacking of firewall administrators leading to unauthorized configuration changes, credential theft, or lateral movement within the network.
If Mitigated
Limited impact if the firewall web interface is not internet-facing and users are trained not to click suspicious links.
🎯 Exploit Status
Exploit code is publicly available on Exploit-DB. The attack requires user interaction (clicking a malicious link).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.8.0 or later
Vendor Advisory: https://cdome.comodo.com/firewall/
Restart Required: Yes
Instructions:
1. Log into the Comodo support portal.
2. Download the latest version (2.8.0+).
3. Back up the current configuration.
4. Install the update following vendor instructions.
5. Restart firewall services.
🔧 Temporary Workarounds
Input Validation via WAF
Deploy web application firewall rules to block XSS payloads in the username parameter.
# Example ModSecurity rule:
SecRule ARGS:username "@detectXSS" "id:1001,phase:2,deny,status:403"
Restrict Web Interface Access
Limit access to the firewall management interface to trusted IP ranges only.
# Example iptables rules (allow the trusted range first, then drop everything else):
iptables -A INPUT -p tcp --dport 443 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP
🧯 If You Can't Patch
- Implement strict Content Security Policy headers to block inline script execution
- Deploy network segmentation to isolate firewall management interface from user networks
🔍 How to Verify
Check if Vulnerable:
Test by submitting <script>alert('XSS')</script> in the username field during login and checking whether the script executes.
Check Version:
ssh admin@firewall "show version", or check the web interface footer.
Verify Fix Applied:
Verify that the version is 2.8.0+ and that the XSS payload no longer executes.
📡 Detection & Monitoring
Log Indicators:
- POST requests to the login endpoint with script tags in the username parameter
- Unusual length or special characters in username field
Network Indicators:
- HTTP requests containing <script> tags in the POST body to the /login endpoint
- Multiple failed login attempts with unusual usernames
SIEM Query:
source="firewall_logs" AND uri_path="/login" AND (username CONTAINS "<script>" OR username CONTAINS "javascript:")
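As an added example (not part of this advisory or the vendor's tooling), a small Python scanner that applies the log indicators above (script tags, javascript: URIs, unusual length or characters in the username field) to constructed sample log lines. The log line format, the 64-character length threshold and the allowed username character set are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote

# Constructed sample log lines in an assumed "<ip> <method> <path>?<query>" shape;
# this is not Comodo Dome Firewall's own log format.
SAMPLE_LOGS = [
    '10.0.0.5 POST /login?username=admin&password=REDACTED',
    '10.0.0.9 POST /login?username=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E&password=x',
    '10.0.0.7 POST /login?username=javascript%3Aalert(1)&password=x',
    '10.0.0.8 POST /login?username=' + 'A' * 120 + '&password=x',
    '10.0.0.6 GET /dashboard',
]

LINE_RE = re.compile(r'^(?P<ip>\S+) (?P<method>\S+) (?P<path>[^?\s]+)(?:\?(?P<query>\S*))?$')
# Patterns mirroring the advisory's indicators: script tags and javascript: URIs.
SCRIPT_TAG_RE = re.compile(r'<\s*/?\s*script', re.IGNORECASE)
JS_URI_RE = re.compile(r'javascript\s*:', re.IGNORECASE)
MAX_USERNAME_LEN = 64                          # assumed "unusual length" threshold
ALLOWED_USERNAME_RE = re.compile(r'^[\w.@-]+$')  # assumed benign character set

def classify_username(username):
    """Return the list of indicator names triggered by a username value."""
    # unquote() is a no-op on plain text, so two passes also catch
    # double-URL-encoded values without harming already-decoded ones.
    decoded = unquote(unquote(username))
    reasons = []
    if SCRIPT_TAG_RE.search(decoded):
        reasons.append('script_tag')
    if JS_URI_RE.search(decoded):
        reasons.append('javascript_uri')
    if len(decoded) > MAX_USERNAME_LEN:
        reasons.append('unusual_length')
    if not ALLOWED_USERNAME_RE.match(decoded):
        reasons.append('special_chars')
    return reasons

def scan_logs(lines, login_path='/login'):
    """Return (ip, username, reasons) for POSTs to the login path that trigger any indicator."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group('method') != 'POST' or m.group('path') != login_path:
            continue
        params = parse_qs(m.group('query') or '', keep_blank_values=True)
        for username in params.get('username', []):   # parse_qs already decodes once
            reasons = classify_username(username)
            if reasons:
                alerts.append((m.group('ip'), username, reasons))
    return alerts

if __name__ == '__main__':
    for ip, user, reasons in scan_logs(SAMPLE_LOGS):
        print(f'{ip} username={user[:40]!r} indicators={reasons}')
```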