CVE-2019-25405

7.2 HIGH

📋 TL;DR

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting (XSS) vulnerability in the license activation endpoint. An attacker can inject JavaScript via the newLicense parameter; the stored payload executes in an administrator's browser when the license management pages are viewed. This affects administrators of Comodo Dome Firewall installations.

💻 Affected Systems

Products:
  • Comodo Dome Firewall
Versions: 2.7.0
Operating Systems: All supported OS for Comodo Dome Firewall
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the web management interface. Requires administrator access to the license management page for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrator account compromise leading to firewall configuration changes, network rule manipulation, credential theft, and full network access.

🟠 Likely Case

Session hijacking of administrator accounts, credential theft, and unauthorized configuration changes to the firewall.

🟢 If Mitigated

Limited impact if administrators use separate accounts for firewall management and have strong session management controls.

🌐 Internet-Facing: HIGH - The license activation endpoint is typically accessible from the internet for license management purposes.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they gain access to the management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires sending POST requests to the license activation endpoint with JavaScript payloads. Public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.8.0 or later

Vendor Advisory: https://cdome.comodo.com/firewall/

Restart Required: Yes

Instructions:

1. Log into the Comodo Dome Firewall admin interface.
2. Navigate to System > Updates.
3. Check for available updates.
4. Apply the update to version 2.8.0 or later.
5. Restart the firewall service.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Implement input validation to sanitize newLicense parameter values.

Not applicable - requires code changes

Content Security Policy (applies to: all)

Implement CSP headers to restrict script execution.

Add the HTTP response header Content-Security-Policy: script-src 'self' to the management interface. Note that script-src 'self' also blocks any inline scripts the interface itself relies on, so test the policy against the admin pages before enforcing it.

🧯 If You Can't Patch

  • Restrict access to the firewall management interface to trusted IP addresses only
  • Use separate administrator accounts with minimal privileges for license management tasks

🔍 How to Verify

Check if Vulnerable:

Check whether the device is running Comodo Dome Firewall version 2.7.0 by logging into the admin interface and viewing System > About.

Check Version:

Not applicable - check via web interface only

Verify Fix Applied:

Verify version is 2.8.0 or later in System > About page

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /license/activate with JavaScript payloads in newLicense parameter
  • Unusual license activation attempts

Network Indicators:

  • HTTP POST requests containing script tags or JavaScript code in license activation endpoints

SIEM Query:

source="firewall_logs" AND (url_path="/license/activate" AND (method="POST" AND (content CONTAINS "<script>" OR content CONTAINS "javascript:")))
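The log indicators and SIEM query above as an added, runnable illustration (example code written for this page, not vendor tooling): it parses constructed log lines in an assumed "METHOD path body=..." format, percent-decodes the newLicense parameter before matching, and shows why a plain substring check like the query above misses URL-encoded payloads.

```python
import re
from urllib.parse import parse_qs

# Constructed sample log lines (not real Comodo Dome Firewall logs); the
# "METHOD path body=<raw form body>" layout is an assumption for this example.
SAMPLE_LOGS = [
    "POST /license/activate body=newLicense=ABCD-1234-EFGH",
    "POST /license/activate body=newLicense=%3Cscript%3Ealert%281%29%3C%2Fscript%3E",
    "POST /license/activate body=newLicense=javascript%3Aalert%281%29",
    "GET /license/activate",
    "POST /login body=username=admin&password=REDACTED",
]

LOG_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<path>\S+)(?: body=(?P<body>.*))?$")
# Indicators named in the advisory: script tags and javascript: URLs, case-insensitive.
XSS_RE = re.compile(r"<\s*script\b|javascript\s*:", re.IGNORECASE)


def naive_match(line):
    """Substring check equivalent to the SIEM query: misses percent-encoded bodies."""
    return "<script>" in line or "javascript:" in line


def extract_new_license(line):
    """Return the decoded newLicense value for a POST to /license/activate, else None."""
    m = LOG_RE.match(line)
    if not m or m.group("method") != "POST" or m.group("path") != "/license/activate":
        return None
    body = m.group("body") or ""
    # parse_qs percent-decodes values and treats '+' as a space, so the
    # indicator regex runs against what the server actually stored.
    values = parse_qs(body, keep_blank_values=True).get("newLicense")
    return values[0] if values else None


def is_suspicious(line):
    """True when the decoded newLicense value carries a script indicator."""
    value = extract_new_license(line)
    return value is not None and XSS_RE.search(value) is not None


def scan(lines):
    """Return the log lines that should raise an alert."""
    return [line for line in lines if is_suspicious(line)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print("ALERT:", hit, "| naive query matched:", naive_match(hit))
```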
