Directory Permissions Vulnerability in WatchGuard Mobile VPN on Windows
CVE-2025-2781

6.3MEDIUM

Key Information:

Vendor: Watchguard
Status: Mobile Vpn With Ssl Client
Vendor: CVE Published:; 28 March 2025

What is CVE-2025-2781?

The WatchGuard Mobile VPN with SSL Client for Windows contains a vulnerability due to improper configuration of directory permissions when installed in a non-default location. This security flaw can be exploited by authenticated local attackers, allowing them to gain SYSTEM privileges on affected systems. The issue affects multiple versions of the Mobile VPN, specifically versions 11.0 through 12.11, underscoring the necessity for users to ensure proper installation practices and apply relevant patches from WatchGuard.

Affected Version(s)

Mobile VPN with SSL Client Windows 11.0 <= 12.11

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-...

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2025

Watchguard

What is CVE-2025-2781?

Affected Version(s)

References

CVSS V4

Timeline