CVE-2019-25385

MEDIUM

Smoothwall Express 3.1-SP4 Reflected XSS via MACHINE/MACHINECOMMENT

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25385. PoCs published by Ozer Goker.

AI-analyzed exploit summary This exploit demonstrates multiple stored and reflected XSS vulnerabilities in Smoothwall Express 3.1-SP4-polar-x86_64-update9. The payloads are simple JavaScript alerts injected into various parameters of CGI scripts.

Description

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the MACHINE and MACHINECOMMENT parameters. Attackers can send POST requests to the outgoing.cgi endpoint with script payloads to execute arbitrary JavaScript in users' browsers and steal session data.

Exploits (1)

exploitdb WORKING POC
by Ozer Goker · textwebappscgi
https://www.exploit-db.com/exploits/46333

This exploit demonstrates multiple stored and reflected XSS vulnerabilities in Smoothwall Express 3.1-SP4-polar-x86_64-update9. The payloads are simple JavaScript alerts injected into various parameters of CGI scripts.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Smoothwall Express 3.1-SP4-polar-x86_64-update9
No auth needed
Prerequisites: Access to the web interface of the target Smoothwall Express instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/46333
Various Sources product
http://www.smoothwall.org

Scores

CVSS v3 6.1
EPSS 0.0022
EPSS Percentile 12.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
smoothwall/smoothwall_express 3.1 sp4
Published Feb 16, 2026
Tracked Since Feb 18, 2026