Improper Directory Permission Configuration in WatchGuard Terminal Services Agent
CVE-2025-2782

6.3MEDIUM

Key Information:

Vendor: Watchguard
Status: Terminal Services Agent
Vendor: CVE Published:; 28 March 2025

What is CVE-2025-2782?

The WatchGuard Terminal Services Agent on Windows is susceptible to improper directory permissions when installed in non-default locations. This configuration flaw enables an authenticated local attacker to gain escalated SYSTEM privileges on the affected system, potentially allowing for the execution of arbitrary code with elevated permissions. Users are encouraged to review their installation settings and ensure default directory configurations to mitigate this risk.

Affected Version(s)

Terminal Services Agent Windows 12.0 <= 12.10

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-...

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2025

Watchguard

What is CVE-2025-2782?

Affected Version(s)

References

CVSS V4

Timeline