Cross-Site Scripting Vulnerability in WatchGuard Fireware OS
CVE-2025-13939
4.8 MEDIUM
What is CVE-2025-13939?
This vulnerability in WatchGuard Fireware OS is an improper neutralization of input during web page generation, which enables stored cross-site scripting (XSS) attacks. Attackers can exploit the flaw by sending specially crafted input that Fireware OS fails to sanitize properly, resulting in the execution of malicious scripts in the context of an affected user's session. Affected versions range from Fireware OS 11.7.2 through 2025.1.2, posing potential risks for users interacting with web interfaces controlled by the Gateway Wireless Controller module.
Affected Version(s)
Fireware OS 11.7.2 <= 11.12.4+541730
Fireware OS 12.0 <= 12.11.4
Fireware OS 12.5 <= 12.5.13
References
CVSS V4
Score: 4.8
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
