Stored Cross-site Scripting Vulnerability in WatchGuard Fireware OS
CVE-2025-1071

4.8MEDIUM

Key Information:

Vendor: Watchguard
Status: Fireware Os
Vendor: CVE Published:; 14 February 2025

Summary

A Stored Cross-site Scripting (XSS) vulnerability exists in WatchGuard Fireware OS due to improper handling of input during web page generation, specifically within the spamBlocker module. This vulnerability requires an authenticated administrator session to exploit, allowing attackers to inject malicious scripts that are subsequently executed in the context of other users. This poses significant risks as it can lead to data theft, session hijacking, and other malicious activities if left unaddressed.

Affected Version(s)

Fireware OS 12.0 <= 12.5.12+701324

Fireware OS 12.6 <= 12.11

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-...

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Feb 14, 2025
Vulnerability Reserved
Feb 5, 2025

Credit

Simone Paganessi (https://www.linkedin.com/in/simonepaganessi)