CVE-2019-25407

6.1 MEDIUM

📋 TL;DR

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability in the backup schedule interface. Attackers can inject malicious JavaScript via crafted POST requests to the backupschedule endpoint, potentially executing arbitrary scripts in users' browsers. This affects administrators and users accessing the firewall web interface.

💻 Affected Systems

Products:
  • Comodo Dome Firewall
Versions: 2.7.0
Operating Systems: All supported OS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects web management interface; requires user interaction (clicking malicious link).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker steals administrator session cookies, gains full control of the firewall, modifies rules, creates backdoors, or pivots to the internal network.

🟠 Likely Case

Attacker steals session cookies to hijack administrator sessions, potentially modifying firewall configurations or accessing sensitive information.

🟢 If Mitigated

Script execution is blocked by browser security features or a web application firewall, resulting in failed exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires social engineering to trick a user into clicking a malicious link; exploit code is available on Exploit-DB.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.8.0 or later

Vendor Advisory: https://cdome.comodo.com/firewall/

Restart Required: Yes

Instructions:

1. Log into the Comodo support portal.
2. Download the latest version (2.8.0+).
3. Back up the current configuration.
4. Install the update following the vendor's instructions.
5. Restart firewall services.

🔧 Temporary Workarounds

Input Validation WAF Rule (platform: all)

Configure the web application firewall to block requests containing JavaScript in the BACKUP_RCPTTO parameter.

WAF-specific configuration required.

Restrict Management Interface Access (platform: linux)

Limit access to the firewall management interface to trusted IP addresses only:

# Rule order matters: the ACCEPT for TRUSTED_IP must precede the DROP, and
# appending (-A) places both rules after any existing rules in the INPUT chain.
iptables -A INPUT -p tcp --dport 443 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Implement strict Content Security Policy headers to block inline script execution
  • Use browser extensions that prevent XSS attacks for all administrative users

🔍 How to Verify

Check if Vulnerable:

Test by sending a POST request to /backupschedule with a JavaScript payload in the BACKUP_RCPTTO parameter and checking whether the script executes.

Check Version:

ssh admin@firewall 'show version', or check the About page of the web interface.

Verify Fix Applied:

Attempt the same test after patching; the script should be properly sanitized and not execute.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /backupschedule with JavaScript code in parameters
  • Unusual parameter values in backup schedule requests

Network Indicators:

  • HTTP requests containing <script> tags or JavaScript functions in POST data

SIEM Query:

source="firewall_logs" AND url="/backupschedule" AND (POST_data CONTAINS "<script>" OR POST_data CONTAINS "javascript:")
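As an added detection example (not from the advisory or the vendor), the check below applies the log indicators above to constructed request-log lines in an assumed "METHOD PATH BODY" format; it percent-decodes parameter values first, because a literal match on "<script>" like the SIEM query misses URL-encoded or double-encoded payloads.

```python
import re
from urllib.parse import parse_qs, unquote

# The page's indicators: <script> tags and the javascript: scheme in POST parameters.
SCRIPT_MARKERS = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)

# Constructed sample log lines (assumed format "METHOD PATH BODY"), not real traffic.
SAMPLE_LOG = [
    "POST /backupschedule BACKUP_RCPTTO=admin%40example.com&ACTION=save",       # benign
    "POST /backupschedule BACKUP_RCPTTO=%3Cscript%3Ealert(1)%3C%2Fscript%3E",    # URL-encoded
    "POST /backupschedule BACKUP_RCPTTO=%253Cscript%253Ealert(1)%253C%252Fscript%253E",  # double-encoded
    "POST /backupschedule BACKUP_RCPTTO=javascript%3Aalert(1)",                  # javascript: scheme
    "GET /backupschedule BACKUP_RCPTTO=%3Cscript%3E",                            # wrong method, ignored
    "POST /login user=admin&pass=%3Cscript%3E",                                  # other endpoint, ignored
]


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly (bounded) so encoded payloads are compared in plain form."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(method, path, body):
    """Return (parameter, decoded value) pairs of a /backupschedule POST that carry script markers."""
    if method != "POST" or path.split("?")[0] != "/backupschedule":
        return []
    hits = []
    for name, values in parse_qs(body, keep_blank_values=True).items():
        for raw in values:  # parse_qs already decoded once; decode again for nested encoding
            plain = fully_decode(raw)
            if SCRIPT_MARKERS.search(plain):
                hits.append((name, plain))
    return hits


def scan_log(lines):
    """Return [(line, hits)] for every log line whose request is flagged."""
    flagged = []
    for line in lines:
        parts = line.split(" ", 2)
        if len(parts) < 3:
            continue
        hits = inspect_request(*parts)
        if hits:
            flagged.append((line, hits))
    return flagged


if __name__ == "__main__":
    for line, hits in scan_log(SAMPLE_LOG):
        print("FLAGGED:", line, "->", hits)
```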
