CVE-2019-25428
📋 TL;DR
This vulnerability allows attackers to inject malicious JavaScript into Comodo Dome Firewall's web interface through crafted POST requests. When users access the vulnerable openvpn_users endpoint, the injected scripts execute in their browsers, potentially stealing session cookies or performing unauthorized actions. Organizations using Comodo Dome Firewall 2.7.0 are affected.
💻 Affected Systems
- Comodo Dome Firewall
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, gain full administrative access to the firewall, reconfigure network security policies, or pivot to internal networks.
Likely Case
Attackers would steal session cookies to impersonate administrators, potentially modifying firewall rules or accessing sensitive configuration data.
If Mitigated
With proper input validation and output encoding, malicious scripts would be neutralized before reaching user browsers, preventing execution.
🎯 Exploit Status
Exploitation requires the attacker to trick an authenticated user into clicking a malicious link or visiting a crafted page. Public exploit code is available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.8.0 or later
Vendor Advisory: https://cdome.comodo.com/firewall/
Restart Required: Yes
Instructions:
1. Log into the Comodo support portal.
2. Download the latest version (2.8.0+).
3. Back up the current configuration.
4. Install the update following the vendor instructions.
5. Restart firewall services.
🔧 Temporary Workarounds
Web Application Firewall (WAF) Rules
Deploy WAF rules to block XSS payloads in POST parameters sent to the /openvpn_users endpoint
Input Validation Filter
Implement input validation to sanitize the username, remotenets, explicitroutes, static_ip, custom_dns, and custom_domain parameters
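An allow-list validator for the six parameters named above, plus the output encoding that the "If Mitigated" section relies on, as an added example (not Comodo's code and not the firewall's actual handler). It assumes the field semantics from their names: remotenets and explicitroutes are comma-separated CIDR lists, static_ip and custom_dns are single IP addresses, custom_domain is a hostname, and username is a short alphanumeric identifier. Adjust the allow-lists if the product accepts other formats.

```python
import html
import ipaddress
import re

# Parameters the advisory names as injectable on /openvpn_users.
VULNERABLE_PARAMS = ("username", "remotenets", "explicitroutes",
                     "static_ip", "custom_dns", "custom_domain")

# Assumed allow-lists: tighten or loosen to match the product's real field formats.
_USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")
# RFC 1123 style hostname: dot-separated labels of letters, digits and hyphens.
_HOSTNAME_RE = re.compile(
    r"(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*"
)


def _is_ip(value):
    """True only for a single parseable IPv4/IPv6 address (no CIDR, no junk)."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _is_network_list(value):
    """True for a comma-separated list of CIDR networks, e.g. '10.0.0.0/8,192.168.1.0/24'."""
    items = [v.strip() for v in value.split(",") if v.strip()]
    if not items:
        return False
    for item in items:
        try:
            ipaddress.ip_network(item, strict=False)
        except ValueError:
            return False
    return True


VALIDATORS = {
    "username": _USERNAME_RE.fullmatch,
    "remotenets": _is_network_list,
    "explicitroutes": _is_network_list,
    "static_ip": _is_ip,
    "custom_dns": _is_ip,
    "custom_domain": _HOSTNAME_RE.fullmatch,
}


def validate_openvpn_user(params):
    """Return (name, reason) for every submitted parameter that fails its allow-list.

    Empty list means the request may proceed. Absent/empty fields are treated as
    optional; anything present must match exactly, so markup never gets stored.
    """
    errors = []
    for name, check in VALIDATORS.items():
        value = params.get(name)
        if value is None or value == "":
            continue
        if not check(value):
            errors.append((name, "does not match allow-list"))
    return errors


def render_field(value):
    """Output encoding for any page that echoes a stored value back into HTML."""
    return html.escape(value, quote=True)
```

Validation rejects anything that is not a plausible value for the field, so script markup never reaches storage; `render_field` is the second layer, entity-encoding on output so that a value which somehow slipped through still renders as text rather than executing.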
🧯 If You Can't Patch
- Restrict access to firewall management interface to trusted IP addresses only
- Implement Content Security Policy (CSP) headers to prevent script execution from untrusted sources
🔍 How to Verify
Check if Vulnerable:
Test by submitting a POST request to /openvpn_users with an XSS payload in the vulnerable parameters and checking whether the script executes in the response
Check Version:
ssh admin@firewall 'show version', or check the web interface under System > About
Verify Fix Applied:
After patching, repeat the test: script payloads should be properly encoded or rejected
📡 Detection & Monitoring
Log Indicators:
- POST requests to /openvpn_users containing script tags or JavaScript in parameters
- Unusual parameter values in username, remotenets, explicitroutes fields
Network Indicators:
- HTTP requests with encoded script payloads in POST data
- Multiple failed login attempts followed by XSS payload submissions
SIEM Query:
source="firewall_logs" AND url_path="/openvpn_users" AND (http_method="POST") AND (param_content CONTAINS "<script>" OR param_content CONTAINS "javascript:")
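The log indicators and SIEM query above, implemented as a small detector over constructed sample events, as an added example that is not part of the original advisory. The JSON-lines schema (ts, src, method, path, status, params) is an assumption for illustration and is not the Dome Firewall's real log format. Beyond the literal SIEM query, it percent- and entity-decodes parameter values before matching, since the "Network Indicators" section notes that payloads arrive encoded, and it correlates each hit with prior failed logins from the same source.

```python
import html
import json
from urllib.parse import unquote_plus

WATCHED_PATH = "/openvpn_users"
WATCHED_PARAMS = ("username", "remotenets", "explicitroutes",
                  "static_ip", "custom_dns", "custom_domain")
# Substrings typical of reflected-XSS probes; extend with your WAF's signature set.
MARKERS = ("<script", "javascript:", "onerror=", "onload=", "<svg", "<img")

# Constructed sample events in a made-up JSON-lines schema (not real product logs).
SAMPLE_LOG = """
{"ts":"2024-01-10T09:00:01Z","src":"203.0.113.7","method":"POST","path":"/login","status":401,"params":{}}
{"ts":"2024-01-10T09:00:03Z","src":"203.0.113.7","method":"POST","path":"/login","status":401,"params":{}}
{"ts":"2024-01-10T09:00:09Z","src":"203.0.113.7","method":"POST","path":"/openvpn_users","status":200,"params":{"username":"%3Cscript%3Eprobe%3C%2Fscript%3E","remotenets":"10.0.0.0/8"}}
{"ts":"2024-01-10T09:01:00Z","src":"198.51.100.4","method":"POST","path":"/openvpn_users","status":200,"params":{"username":"alice","custom_domain":"corp.example"}}
{"ts":"2024-01-10T09:02:00Z","src":"198.51.100.9","method":"POST","path":"/openvpn_users","status":200,"params":{"custom_dns":"&lt;img src=x onerror=probe&gt;"}}
{"ts":"2024-01-10T09:03:00Z","src":"198.51.100.9","method":"GET","path":"/openvpn_users","status":200,"params":{"username":"<script>"}}
"""


def normalize(value, rounds=3):
    """Undo a few layers of percent/entity encoding so a naive substring match is not bypassed."""
    for _ in range(rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value.lower()


def find_indicators(event):
    """Return (param, marker) pairs when a POST to /openvpn_users carries script-like values."""
    if event.get("method") != "POST" or event.get("path") != WATCHED_PATH:
        return []
    hits = []
    for name in WATCHED_PARAMS:
        raw = event.get("params", {}).get(name)
        if not raw:
            continue
        text = normalize(raw)
        for marker in MARKERS:
            if marker in text:
                hits.append((name, marker))
                break  # one marker per parameter is enough to alert
    return hits


def scan(log_text):
    """Walk JSON-lines events; emit alerts and annotate them with prior failed logins per source."""
    failed_logins = {}
    alerts = []
    for line in log_text.strip().splitlines():
        event = json.loads(line)
        src = event.get("src")
        if event.get("path") == "/login" and event.get("status") == 401:
            failed_logins[src] = failed_logins.get(src, 0) + 1
            continue
        hits = find_indicators(event)
        if hits:
            alerts.append({
                "ts": event["ts"],
                "src": src,
                "hits": hits,
                "prior_failed_logins": failed_logins.get(src, 0),
            })
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Running it on the sample yields two alerts: the percent-encoded probe from 203.0.113.7 (with two failed logins before it, matching the "failed logins followed by XSS submission" indicator) and the entity-encoded probe from 198.51.100.9. The GET request with a literal `<script>` is deliberately not flagged, mirroring the SIEM query's `http_method="POST"` condition; drop that check if you also want to catch GET-based probing.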