Cross-Site Scripting Vulnerability in WatchGuard Fireware OS
CVE-2025-13938

4.8MEDIUM

Key Information:

Vendor: Watchguard
Status: Fireware Os
Vendor: CVE Published:; 4 December 2025

What is CVE-2025-13938?

A Cross-Site Scripting vulnerability exists in the WatchGuard Fireware OS, specifically within the Autotask Technology Integration module. This vulnerability arises from improper neutralization of user input during web page generation, allowing attackers to execute malicious scripts in the context of the user's browser. It affects Fireware OS versions ranging from 12.4 to 12.11.4, including 12.5 up to 12.5.13 and 2025.1 up to 2025.1.2. Remediation is crucial to protect against potential data exposure and other attacks leveraging this flaw.

Affected Version(s)

Fireware OS 12.4 <= 12.11.4

Fireware OS 12.5 <= 12.5.13

Fireware OS 2025.1 <= 2025.1.2

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-...

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Dec 4, 2025
Vulnerability Reserved
Dec 2, 2025

JSON

Watchguard

What is CVE-2025-13938?

Affected Version(s)

References

CVSS V4

Timeline