CVE-2019-25399 in IPFire

Summary

by MITRE • 02/19/2026

IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that allow attackers to inject malicious scripts through the FS, PATH, and UUID parameters. Attackers can submit POST requests with script payloads in these parameters to execute arbitrary JavaScript in the context of authenticated administrator sessions.

Analysis

by VulDB Data Team • 02/27/2026

The vulnerability identified as CVE-2019-25399 affects IPFire version 2.21 Core Update 127 and represents a critical stored cross-site scripting flaw within the extrahd.cgi web application component. This vulnerability resides in the handling of user-supplied input parameters and specifically impacts the FS, PATH, and UUID parameters that are processed by the script. The flaw allows remote attackers to inject malicious JavaScript code that persists within the application's data storage, making it particularly dangerous as the malicious payloads remain active until explicitly removed by administrators.

The technical root cause of this vulnerability is insufficient input validation combined with missing output encoding in the extrahd.cgi script. When a POST request containing a script payload in one of the affected parameters is submitted, the application neither validates nor escapes the value before writing it to its configuration store. The stored value is later rendered into the web interface without HTML encoding, so the injected JavaScript executes in the browser of any authenticated administrator who views the affected page. Exploitation therefore crosses the trust boundary of the administrator session, and successful exploitation requires only a basic web browser and network access to the vulnerable management interface.
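To make the store-then-render defect concrete, here is an added example (not IPFire's own code and not a reproduction of extrahd.cgi) that models the cycle described above: an in-memory list stands in for the settings file, one renderer interpolates the stored FS, PATH and UUID values straight into HTML, and the hardened variant validates on input and HTML-escapes on output. The allowlists, regular expressions, the sample UUID and the tainted PATH value are constructed for the illustration.

```python
import html
import re

# Allowlists below are assumptions chosen for this illustration, not IPFire's rules.
ALLOWED_FS = {"auto", "ext3", "ext4", "xfs", "btrfs", "vfat", "ntfs", "swap"}
UUID_RE = re.compile(r"^[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Absolute path built from safe segments only: no spaces, no HTML metacharacters.
PATH_RE = re.compile(r"^/(?:[A-Za-z0-9._-]+/)*[A-Za-z0-9._-]*$")


def validate_params(params):
    """Return the names of parameters that fail the allowlist (empty list = accepted)."""
    bad = []
    if params.get("FS", "") not in ALLOWED_FS:
        bad.append("FS")
    if not PATH_RE.match(params.get("PATH", "")):
        bad.append("PATH")
    if not UUID_RE.match(params.get("UUID", "")):
        bad.append("UUID")
    return bad


def store_unsafe(store, params):
    # Vulnerable pattern: persist whatever arrived in the POST body, unchecked.
    store.append({k: params.get(k, "") for k in ("UUID", "PATH", "FS")})


def store_safe(store, params):
    # Hardened: reject anything outside the allowlist before it is persisted.
    bad = validate_params(params)
    if bad:
        raise ValueError("rejected parameters: " + ", ".join(bad))
    store.append({k: params[k] for k in ("UUID", "PATH", "FS")})


def render_unsafe(store):
    # Vulnerable pattern: stored values interpolated directly into markup.
    rows = ["<tr><td>%s</td><td>%s</td><td>%s</td></tr>" % (e["UUID"], e["PATH"], e["FS"])
            for e in store]
    return "<table>" + "".join(rows) + "</table>"


def render_safe(store):
    # Hardened: every stored value is HTML-escaped at output time, so a value
    # that slipped past validation still cannot become active markup.
    rows = []
    for e in store:
        cells = "".join("<td>%s</td>" % html.escape(e[k], quote=True) for k in ("UUID", "PATH", "FS"))
        rows.append("<tr>%s</tr>" % cells)
    return "<table>" + "".join(rows) + "</table>"


# Constructed requests: a benign mount entry and one carrying a script tag in PATH.
BENIGN = {"UUID": "1b2c3d4e-0000-4000-8000-aabbccddeeff", "PATH": "/mnt/backup", "FS": "ext4"}
TAINTED = {"UUID": "1b2c3d4e-0000-4000-8000-aabbccddeeff",
           "PATH": "/mnt/<script>alert(1)</script>", "FS": "ext4"}


def demo():
    """Run both pipelines over the constructed requests and summarise the outcome."""
    unsafe_store, safe_store = [], []
    store_unsafe(unsafe_store, BENIGN)
    store_unsafe(unsafe_store, TAINTED)
    store_safe(safe_store, BENIGN)
    try:
        store_safe(safe_store, TAINTED)
    except ValueError:
        pass  # the tainted entry never reaches the store
    return {
        "unsafe_render_has_script": "<script>" in render_unsafe(unsafe_store),
        "escaped_render_has_script": "<script>" in render_safe(unsafe_store),
        "safe_store_entries": len(safe_store),
    }


if __name__ == "__main__":
    print(demo())
```

Validation and output encoding are independent layers: the allowlist keeps the stored data clean, while escaping at render time protects every consumer of the stored value, including entries written before the validation was added.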

The operational impact of CVE-2019-25399 is severe and potentially catastrophic for affected organizations. Attackers who successfully exploit this vulnerability can execute arbitrary JavaScript code with the privileges of authenticated administrators, effectively gaining full control over the firewall appliance. This privilege escalation capability enables attackers to modify firewall rules, access sensitive network traffic, exfiltrate data, and potentially establish persistent backdoors within the network infrastructure. The stored nature of the vulnerability means that even after the initial attack, the malicious code continues to execute whenever the affected parameters are processed, creating a long-term threat vector that can persist across system reboots and updates. The vulnerability affects the core network security infrastructure, potentially compromising the entire organization's network security posture.

Security practitioners should implement immediate mitigations, beginning with the vendor-provided patch for IPFire Core Update 127, which addresses the input validation issues in the extrahd.cgi script. Network segmentation and monitoring should be enhanced to detect anomalous POST requests targeting the vulnerable parameters, with intrusion detection systems configured to alert on script-like payloads in the FS, PATH, and UUID fields. Access controls should be strengthened through multi-factor authentication and role-based access controls to limit the impact of successful exploitation. Additionally, regular security assessments should include vulnerability scanning of network infrastructure components to identify similar stored XSS vulnerabilities in other applications. This vulnerability aligns with CWE-79 (cross-site scripting) and maps to ATT&CK technique T1059.007 (Command and Scripting Interpreter: JavaScript), demonstrating how initial access through a web application vulnerability can lead to persistent script execution within target environments. Organizations should also consider deploying web application firewalls as an additional protection layer against similar exploitation techniques.
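The monitoring recommendation above can be turned into a concrete check. The following added example (not IPFire code, and not a VulDB tool) scans request logs for POST requests to extrahd.cgi whose FS, PATH or UUID fields contain markup or event-handler fragments. It assumes a reverse proxy or WAF that records the URL-encoded request body in a simple space-separated line format; that format, the field names and every log line here are constructed for the illustration.

```python
import re
from urllib.parse import parse_qs

WATCHED_PARAMS = ("FS", "PATH", "UUID")
TARGET_SCRIPT = "/cgi-bin/extrahd.cgi"
# Markup characters, a javascript: scheme, or an on*= handler have no place in a mount setting.
SUSPICIOUS = re.compile(r"[<>\"']|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)


def scan_line(line):
    """Return (timestamp, src_ip, param, decoded_value) findings for one log line."""
    parts = line.strip().split(" ", 4)
    if len(parts) < 5:
        return []
    ts, src, method, path, body = parts
    if method != "POST" or path.split("?", 1)[0] != TARGET_SCRIPT:
        return []
    # parse_qs decodes %xx sequences and '+', so URL-encoded payloads are inspected in the clear.
    fields = parse_qs(body, keep_blank_values=True)
    findings = []
    for name in WATCHED_PARAMS:
        for value in fields.get(name, []):
            if SUSPICIOUS.search(value):
                findings.append((ts, src, name, value))
    return findings


def scan_log(lines):
    """Scan an iterable of log lines and collect all findings."""
    out = []
    for line in lines:
        out.extend(scan_line(line))
    return out


# Constructed log sample (assumed format): "<timestamp> <src_ip> <method> <path> <urlencoded body>".
SAMPLE_LOG = [
    "2026-02-19T09:58:12Z 192.0.2.10 POST /cgi-bin/extrahd.cgi "
    "ACTION=add&UUID=1b2c3d4e-0000-4000-8000-aabbccddeeff&PATH=/mnt/backup&FS=ext4",
    "2026-02-19T09:59:40Z 198.51.100.7 POST /cgi-bin/extrahd.cgi "
    "ACTION=add&UUID=1b2c3d4e-0000-4000-8000-aabbccddeeff"
    "&PATH=%2Fmnt%2F%3Cscript%3Ealert%281%29%3C%2Fscript%3E&FS=ext4",
    "2026-02-19T10:01:03Z 198.51.100.7 POST /cgi-bin/extrahd.cgi "
    "ACTION=add&UUID=x%22+onmouseover%3Dalert%281%29+x&PATH=/mnt/data&FS=xfs",
    "2026-02-19T10:02:15Z 192.0.2.10 GET /cgi-bin/extrahd.cgi -",
    "2026-02-19T10:03:00Z 192.0.2.11 POST /cgi-bin/pakfire.cgi ACTION=update&FS=%3Cb%3E",
]


if __name__ == "__main__":
    for ts, src, name, value in scan_log(SAMPLE_LOG):
        print("ALERT %s src=%s param=%s value=%r" % (ts, src, name, value))
```

Decoding before matching matters: the second and third sample lines carry their payloads percent-encoded, and a pattern applied to the raw body would miss them. The check is deliberately scoped to the one script and three parameters the advisory names, which keeps the false-positive rate low on a management interface that legitimately accepts free-form text elsewhere.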

Responsible

VulnCheck

Reservation

02/18/2026

Disclosure

02/19/2026

Moderation

accepted

CPE

ready

Exploit

EPSS

0.00058

KEV

no

Activities

very low
