CVE-2019-25398

MEDIUM

IPFire 2.21 Core Update 127 - Cross-Site Scripting via ovpnmain.cgi VPN Configuration Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25398. PoCs published by Ozer Goker.

AI-analyzed exploit summary The exploit demonstrates multiple reflected and stored XSS vulnerabilities in IPFire 2.21 Core Update 127 by providing specific URLs, methods, parameters, and payloads for each vulnerability. It includes detailed steps to reproduce the XSS attacks in the web interface.

Description

IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Attackers can submit POST requests with script payloads in parameters like VPN_IP, DMTU, ccdname, ccdsubnet, DOVPN_SUBNET, DHCP_DOMAIN, DHCP_DNS, DHCP_WINS, ROUTES_PUSH, FRAGMENT, KEEPALIVE_1, and KEEPALIVE_2 to execute arbitrary JavaScript in administrator browsers.

Exploits (1)

exploitdb WORKING POC

by Ozer Goker · textwebappscgi

https://www.exploit-db.com/exploits/46344

View Code ZIP pw:eip

The exploit demonstrates multiple reflected and stored XSS vulnerabilities in IPFire 2.21 Core Update 127 by providing specific URLs, methods, parameters, and payloads for each vulnerability. It includes detailed steps to reproduce the XSS attacks in the web interface.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: IPFire 2.21 Core Update 127

Auth required

Prerequisites: Access to the IPFire web interface · Valid session or authentication credentials

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/46344

Various Sources product

https://www.ipfire.org

Release Notes patch

https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x86_64-full-core127.iso

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/ipfire-core-update-cross-site-scripting-via-ovpnma

Scores

CVSS v3 6.1

EPSS 0.0024

EPSS Percentile 15.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

ipfire/ipfire 2.21 core_update127

Ipfire/IPFire IPFire 2.21 - Core Update 127

Published Feb 18, 2026

Tracked Since Feb 19, 2026