Directory Permissions Vulnerability in WatchGuard Mobile VPN on Windows
CVE-2025-2781

6.3MEDIUM

Key Information:

Vendor
Watchguard
Status
Mobile Vpn With Ssl Client
Vendor
CVE Published:
28 March 2025

Summary

The WatchGuard Mobile VPN with SSL Client for Windows contains a vulnerability due to improper configuration of directory permissions when installed in a non-default location. This security flaw can be exploited by authenticated local attackers, allowing them to gain SYSTEM privileges on affected systems. The issue affects multiple versions of the Mobile VPN, specifically versions 11.0 through 12.11, underscoring the necessity for users to ensure proper installation practices and apply relevant patches from WatchGuard.

Affected Version(s)

Mobile VPN with SSL Client Windows 11.0 <= 12.11

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-...

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

.
CVE-2025-2781 : Directory Permissions Vulnerability in WatchGuard Mobile VPN on Windows | SecurityVulnerability.io