XPath Injection Vulnerability in WatchGuard Fireware OS
CVE-2025-1545

8.2HIGH

Key Information:

Vendor: Watchguard
Status: Fireware Os
Vendor: CVE Published:; 4 December 2025

What is CVE-2025-1545?

An XPath Injection vulnerability in WatchGuard Fireware OS permits remote, unauthenticated attackers to exploit exposed authentication or management web interfaces. By leveraging this flaw, attackers can access sensitive information stored within Firebox configurations. This issue specifically impacts Fireware OS versions that have active authentication hotspots configured, underscoring the need for users to ensure their systems are updated and secure.

Affected Version(s)

Fireware OS 11.11 <= 11.12.4+541730

Fireware OS 12.0 <= 12.11.4

Fireware OS 12.5 <= 12.5.13

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-...

CVSS V4

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 4, 2025
Vulnerability Reserved
Feb 21, 2025

JSON

Watchguard

What is CVE-2025-1545?

Affected Version(s)

References

CVSS V4

Timeline