CVE-2019-25422

7.2 HIGH

📋 TL;DR

CVE-2019-25422 is a cross-site scripting vulnerability in Comodo Dome Firewall that allows attackers to inject malicious JavaScript through the vpnfw endpoint. Attackers can execute arbitrary scripts in administrator browsers via reflected XSS in the target parameter or stored XSS in the remark parameter. Organizations using Comodo Dome Firewall 2.7.0 are affected.

💻 Affected Systems

Products:
  • Comodo Dome Firewall
Versions: 2.7.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the vpnfw endpoint which is typically accessible via the web management interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could hijack administrator sessions, steal credentials, install backdoors, pivot to internal networks, or completely compromise the firewall management interface.

🟠 Likely Case

Attackers would steal administrator credentials or session cookies to gain unauthorized access to the firewall management console, potentially modifying firewall rules or accessing sensitive network information.

🟢 If Mitigated

With proper network segmentation and access controls, impact would be limited to the firewall management interface without lateral movement to other systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on Exploit-DB (ID 46408), making this easily exploitable by attackers with network access to the management interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.8.0 or later

Vendor Advisory: https://cdome.comodo.com/firewall/

Restart Required: Yes

Instructions:

1. Download the latest version from Comodo's official website.
2. Back up the current configuration.
3. Install the update following the vendor's instructions.
4. Restart the firewall service.
5. Verify that the update was applied successfully.

🔧 Temporary Workarounds

Network Access Restriction

Restrict access to the firewall management interface to trusted IP addresses only

Configure firewall rules to allow management access only from specific IP ranges

Web Application Firewall

Deploy a WAF in front of the firewall management interface to filter XSS payloads

Configure WAF rules to block requests containing script tags and JavaScript patterns

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the firewall management interface from untrusted networks
  • Enable Content Security Policy headers and input validation at network perimeter devices

🔍 How to Verify

Check if Vulnerable:

Check if the firewall version is 2.7.0 via the web interface or CLI. Test by attempting to inject basic XSS payloads into the target and remark parameters of the vpnfw endpoint.

Check Version:

ssh admin@firewall-ip 'show version' or check via web interface at /admin/system_info

Verify Fix Applied:

Verify the version is 2.8.0 or later. Test that XSS payloads no longer execute in the browser and are properly sanitized or rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /vpnfw endpoint with script-like content
  • Multiple failed login attempts followed by successful login from new IP
  • Administrator sessions from unexpected IP addresses or user agents

Network Indicators:

  • HTTP requests containing <script> tags or JavaScript functions in POST parameters
  • Traffic to the firewall management interface from external IPs

SIEM Query:

source="firewall_logs" AND uri_path="/vpnfw" AND http_method="POST" AND (param="target" OR param="remark") AND (content="<script>" OR content="javascript:")
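The same detection logic applied offline, as an added example that is not part of this advisory or the vendor's tooling: it parses constructed log lines in a hypothetical key=value format, flags POST requests to /vpnfw whose target or remark parameter carries a script tag or javascript: URL (including double-encoded forms), and marks whether the source address lies outside an assumed trusted management range. The log format, TRUSTED_NETS and all sample values are assumptions.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qs, unquote_plus

# Constructed sample log lines (not from the advisory) in a hypothetical key=value format.
SAMPLE_LOGS = [
    'src=10.0.0.5 method=POST path=/vpnfw body="target=lan&remark=office+tunnel"',
    'src=203.0.113.9 method=POST path=/vpnfw body="target=%3Cscript%3Ealert(1)%3C%2Fscript%3E&remark=x"',
    'src=203.0.113.9 method=POST path=/vpnfw body="target=lan&remark=%3Ca+href%3Djavascript%3Avoid(0)%3Eok%3C%2Fa%3E"',
    'src=10.0.0.7 method=GET path=/vpnfw body=""',
    'src=10.0.0.7 method=POST path=/login body="user=admin&pass=%3Cscript%3E"',
]
# Assumed trusted management networks (placeholder; substitute your own ranges).
TRUSTED_NETS = [ip_network("10.0.0.0/8")]

LOG_RE = re.compile(r'src=(?P<src>\S+) method=(?P<method>\S+) path=(?P<path>\S+) body="(?P<body>[^"]*)"')
WATCHED_PARAMS = ("target", "remark")  # the advisory's XSS sinks: reflected and stored
SUSPICIOUS = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)  # indicators listed above


def inspect(line):
    """Return a finding for a suspicious POST to /vpnfw, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST" or m["path"] != "/vpnfw":
        return None
    params = parse_qs(m["body"], keep_blank_values=True)
    flagged = []
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            # parse_qs decoded once; decode again so double-encoded values are not missed
            if SUSPICIOUS.search(unquote_plus(value)):
                flagged.append(name)
    if not flagged:
        return None
    src = ip_address(m["src"])
    return {"src": m["src"], "params": flagged,
            "external": not any(src in net for net in TRUSTED_NETS)}


def scan(lines):
    """Run inspect() over every log line and keep only the findings."""
    return [f for f in map(inspect, lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(finding)
```

Only the two requests that place script content in target or remark are reported; the GET, the /login POST and the benign remark are ignored, so the output can be fed to the session and source-IP checks listed under Log Indicators.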
