CVE-2019-25374 in OPNsenseinfo

Summary

by MITRE • 02/15/2026

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthrough_networks parameter in vpn_ipsec_settings.php. Attackers can craft POST requests with JavaScript payloads in the passthrough_networks parameter to execute arbitrary code in users' browsers.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 02/20/2026

The vulnerability identified as CVE-2019-25374 represents a critical reflected cross-site scripting flaw within OPNsense version 19.1, specifically affecting the vpn_ipsec_settings.php web interface component. This security weakness resides in how the application processes user input through the passthrough_networks parameter, creating an avenue for malicious actors to execute unauthorized code within victim browsers. The vulnerability stems from insufficient input validation and output encoding mechanisms that fail to properly sanitize user-supplied data before incorporating it into web responses.

The technical exploitation of this vulnerability occurs through crafted POST requests that target the vpn_ipsec_settings.php endpoint with malicious JavaScript payloads embedded within the passthrough_networks parameter. When the web application reflects this unsanitized input back to the user's browser without proper HTML escaping or context-appropriate encoding, it creates an environment where attacker-controlled scripts can execute with the privileges of the authenticated user. This reflected XSS vector operates entirely within the browser context, leveraging the legitimate user session to deliver malicious payloads that can perform actions such as stealing session cookies, redirecting users to malicious sites, or executing unauthorized administrative commands.

The operational impact of this vulnerability extends beyond simple script execution, as it can enable attackers to establish persistent access to administrative interfaces and potentially escalate privileges within the network security infrastructure. Security professionals should note that this vulnerability aligns with CWE-79, which categorizes cross-site scripting flaws as a fundamental weakness in input validation and output encoding. The attack surface is particularly concerning for network administrators who rely on OPNsense for IPsec VPN management, as successful exploitation could allow attackers to manipulate VPN configurations, access sensitive network data, or establish unauthorized connections to internal resources. This vulnerability also maps to ATT&CK technique T1059.007 for command and scripting interpreter, as the reflected XSS could be used to deliver payloads that execute commands within the browser environment.

Mitigation strategies for CVE-2019-25374 should prioritize immediate patching of OPNsense installations to version 19.1.1 or later, which includes the necessary input validation fixes. Network administrators should implement additional protective measures such as web application firewalls that can detect and block suspicious POST requests containing known XSS patterns. The implementation of Content Security Policy headers can provide an additional layer of defense by restricting script execution and preventing the loading of unauthorized resources. Security monitoring should include detection of anomalous POST requests targeting the vpn_ipsec_settings.php endpoint, particularly those containing JavaScript payloads or unusual parameter combinations. Organizations should also conduct regular security assessments of their firewall configurations and ensure that administrative interfaces are properly isolated from untrusted networks to minimize the potential impact of successful exploitation attempts.

Responsible

VulnCheck

Reservation

02/15/2026

Disclosure

02/15/2026

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00319

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!