Improper Directory Permission Configuration in WatchGuard Terminal Services Agent
CVE-2025-2782

6.3MEDIUM

Key Information:

Vendor
Watchguard
Status
Terminal Services Agent
Vendor
CVE Published:
28 March 2025

Summary

The WatchGuard Terminal Services Agent on Windows is susceptible to improper directory permissions when installed in non-default locations. This configuration flaw enables an authenticated local attacker to gain escalated SYSTEM privileges on the affected system, potentially allowing for the execution of arbitrary code with elevated permissions. Users are encouraged to review their installation settings and ensure default directory configurations to mitigate this risk.

Affected Version(s)

Terminal Services Agent Windows 12.0 <= 12.10

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-...

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

.
CVE-2025-2782 : Improper Directory Permission Configuration in WatchGuard Terminal Services Agent | SecurityVulnerability.io