Stack Overflow Vulnerability in Web Application Firewall by Vendor
CVE-2025-44895

6.5MEDIUM

Key Information:

Vendor: Vendor
Status: FW-WGS-804HPT
Vendor: CVE Published:; 21 May 2025

What is CVE-2025-44895?

The FW-WGS-804HPT web application firewall has been found to contain a stack overflow vulnerability. This issue arises in the web_acl_ipv4BasedAceAdd function, which mishandles the ipv4Aclkey parameter. Exploitation of this vulnerability could allow attackers to execute arbitrary code, potentially compromising the security of the application and the underlying system.

References

https://lafdrew.github.io/2025/04/18/web-acl-ipv4BasedAce...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2025
Vulnerability Reserved
Apr 22, 2025