CVE-2019-25417 – Comodo Dome Firewall 2.7.0 contains a reflected... (How to Fix)

Q: What is the severity of CVE-2019-25417?

CVE-2019-25417 has a CVSS score of 6.1 (MEDIUM). Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability in the QoS rules management endpoint. Attackers can inject malicious JavaScript via the protocol parameter in POST requests, potentially executing arbitrary code in administrator browsers. This affects administrators using the web management interface of vulnerable Comodo Dome Firewall installations.

📋 TL;DR

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability in the QoS rules management endpoint. Attackers can inject malicious JavaScript via the protocol parameter in POST requests, potentially executing arbitrary code in administrator browsers. This affects administrators using the web management interface of vulnerable Comodo Dome Firewall installations.

💻 Affected Systems

Products:

Comodo Dome Firewall

Versions: 2.7.0

Operating Systems: All supported OS for Comodo Dome Firewall

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects web management interface; requires administrator to interact with malicious link while authenticated.

📦 What is this software?

Dome Firewall by Comodo

View all CVEs affecting Dome Firewall →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Administrator session hijacking leading to firewall configuration compromise, credential theft, or installation of persistent backdoors.

🟠

Likely Case

Session hijacking allowing attacker to perform administrative actions or steal sensitive firewall configuration data.

🟢

If Mitigated

Limited impact if administrators use separate browser profiles or sessions for firewall management.

🌐 Internet-Facing: HIGH if firewall management interface is exposed to internet, as reflected XSS can be delivered via phishing.

🏢 Internal Only: MEDIUM if management interface is internal only, requiring attacker to be on network or trick administrator into visiting malicious link.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires administrator to click malicious link while authenticated; public exploit code available on Exploit-DB.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.8.0 or later

Vendor Advisory: https://cdome.comodo.com/firewall/

Restart Required: Yes

Instructions:

1. Log into Comodo Dome Firewall admin interface. 2. Navigate to System > Updates. 3. Check for and apply available updates to version 2.8.0 or later. 4. Restart firewall services as prompted.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement web application firewall or input filtering to sanitize protocol parameter values

Content Security Policy

all

Implement strict CSP headers to prevent script execution from untrusted sources

🧯 If You Can't Patch

Restrict firewall management interface to trusted IP addresses only
Use separate browser profiles or sessions for firewall management and general browsing

🔍 How to Verify

Check if Vulnerable:

Test by submitting <script>alert('XSS')</script> in protocol parameter to QoS rules endpoint while authenticated

Check Version:

ssh admin@firewall-ip 'show version' or check in web interface under System > About

Verify Fix Applied:

After update, attempt same XSS test; script should be sanitized or blocked

📡 Detection & Monitoring

Log Indicators:

POST requests to /qos_rules with script tags in parameters
Unusual administrator session activity

Network Indicators:

HTTP requests containing JavaScript payloads to firewall management interface

SIEM Query:

source="firewall_logs" AND uri_path="/qos_rules" AND (protocol="*<script>*" OR user_agent="*<script>*")

📊 Metadata

CVE ID: CVE-2019-25417

CVSS v3 Score: 6.1 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE: CWE-79

Published: February 19, 2026

Last Updated: February 20, 2026

🔗 References

https://cdome.comodo.com/firewall/ Product
https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278 Not Applicable
https://www.exploit-db.com/exploits/46408 Exploit,Third Party Advisory
https://www.vulncheck.com/advisories/comodo-dome-firewall-reflected-cross-site-scripting-via-qos-rules Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2019-25417, you might also want to check these: