Cross-site Scripting Vulnerability in WatchGuard Fireware OS
CVE-2025-6946
4.8MEDIUM
What is CVE-2025-6946?
A Cross-site Scripting (XSS) vulnerability exists in WatchGuard Fireware OS, specifically within the IPS module. This vulnerability can lead to stored XSS attacks, which require an authenticated administrator session on a locally managed Firebox. Affected versions include Firebox 12.0 through 12.11.2, highlighting the need for immediate action to protect against potential exploitation.
Affected Version(s)
Fireware OS 12.0 <= 12.11.2
References
CVSS V4
Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved