Stored Cross-Site Scripting in WatchGuard Fireware OS
CVE-2025-1239
4.8 MEDIUM
Summary
Improperly handled input during web page generation in WatchGuard Fireware OS leads to a Stored Cross-Site Scripting (XSS) vulnerability. The flaw allows attackers to inject malicious scripts into the Blocked Sites list. Exploitation requires an authenticated administrator session on a locally managed Firebox. The vulnerability poses significant risks to the integrity and confidentiality of the system. Affected versions range from 12.0 through 12.5.12+701324 and from 12.6 through 12.11, which calls for vigilant security measures and prompt updates.
Affected Version(s)
Fireware OS 12.0 <= 12.5.12+701324
Fireware OS 12.6 <= 12.11
CVSS V4
Score: 4.8
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Simone Paganessi (https://www.linkedin.com/in/simonepaganessi)