CVE-2019-25375
Reflected XSS in OPNsense 19.1 Mailserver Parameter Enables Code Execution

Publication date: 2026-02-15

Last updated on: 2026-02-18

Assigner: VulnCheck

Description
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in the mailserver parameter to execute arbitrary code in users' browsers.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-02-15
EPSS evaluated: 2026-05-05
Affected Vendors & Products
Vendor    Product   Version / Range
opnsense  opnsense  19.1
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2019-25375 is a reflected cross-site scripting (XSS) vulnerability in OPNsense version 19.1 and earlier. It occurs because the application does not properly neutralize user input when generating web pages.

Unauthenticated attackers can exploit this by sending specially crafted POST requests to the monit interface, injecting malicious JavaScript code via the "mailserver" parameter.

When a user accesses the affected interface, the injected script executes in their browser, potentially allowing arbitrary code execution. [1]


How can this vulnerability impact me?

This vulnerability can allow attackers to execute arbitrary JavaScript code in the browsers of users who access the monit interface.

Potential impacts include theft of user session data, redirection to malicious sites, or other actions performed on behalf of the user without their consent.

Since the attack requires user interaction (the user must access the affected interface), the risk depends on user behavior.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for suspicious POST requests sent to the monit interface containing the "mailserver" parameter with potentially malicious JavaScript payloads.

A practical approach is to capture and analyze HTTP POST traffic targeting the monit interface on OPNsense 19.1 or earlier versions.

- Use network traffic capture tools like tcpdump or Wireshark to filter POST requests to the monit interface.
- Example tcpdump command to capture HTTP POST requests to the monit interface (assuming default port 80):

    tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /monit'

- Inspect the captured POST data for the presence of the "mailserver" parameter containing suspicious JavaScript code or encoded payloads. [1]
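As an added illustration of the inspection step above (example code written for this page, not code from OPNsense or from the original answer), the Python heuristic below takes captured POST requests to the monit interface and flags any whose mailserver value is script-like after undoing repeated URL encoding, or is not even a plausible hostname. The /monit path prefix is taken from the grep pattern above; the endpoint path and every sample request are constructed.

```python
import re
from urllib.parse import parse_qs, unquote

# Path prefix taken from the page's grep pattern ("POST /monit"); the exact
# endpoint and every request body below are constructed for this example.
MONIT_PATH_PREFIX = "/monit"
# A legitimate mail server value is a hostname or IP literal, optionally with
# a port, so anything outside this character set deserves a second look.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.\-:\[\]]{1,253}$")
# Script-like fragments after decoding: tags, javascript: URLs, event handlers.
SCRIPT_RE = re.compile(r"<|>|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)

SAMPLE_REQUESTS = [  # constructed captures, in the order they were seen
    "POST /monit/settings HTTP/1.1\r\nHost: fw.example.internal\r\n\r\n"
    "mailserver=smtp.example.internal&port=25",
    "POST /monit/settings HTTP/1.1\r\nHost: fw.example.internal\r\n\r\n"
    "mailserver=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
    "POST /monit/settings HTTP/1.1\r\nHost: fw.example.internal\r\n\r\n"
    "mailserver=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E",
    "POST /monit/settings HTTP/1.1\r\nHost: fw.example.internal\r\n\r\n"
    "mailserver=mail+server",
    "POST /api/core/firmware/status HTTP/1.1\r\nHost: fw.example.internal\r\n\r\n"
    "mailserver=%3Cb%3E",
]

def fully_decode(value, rounds=3):
    """Undo repeated URL encoding so double-encoded payloads do not slip past."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(raw):
    """Return a reason if this raw HTTP request targets the monit mailserver
    parameter with script-like or otherwise implausible input, else None."""
    head, _, body = raw.partition("\r\n\r\n")
    parts = head.split("\r\n", 1)[0].split(" ")
    if len(parts) < 2 or parts[0] != "POST" or not parts[1].startswith(MONIT_PATH_PREFIX):
        return None
    for value in parse_qs(body).get("mailserver", []):  # parse_qs decodes once
        decoded = fully_decode(value)
        if SCRIPT_RE.search(decoded):
            return f"script-like mailserver value: {decoded!r}"
        if not HOSTNAME_RE.match(decoded):
            return f"mailserver value is not a hostname: {decoded!r}"
    return None
```

The function works on decoded request text, so where the GUI is served over TLS the capture or proxy log must be taken at a point where the request body is visible.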


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade OPNsense to version 19.1.1 or later, where this reflected XSS vulnerability has been fixed.

Until the upgrade can be performed, restrict access to the monit interface to trusted users only, for example by limiting network access via firewall rules.

Additionally, monitor and block suspicious POST requests containing the "mailserver" parameter with unexpected input to reduce the risk of exploitation. [1]

