CVE-2025-13940

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

0
3
0
3h ago

CVE-2025-13938

Overview

WatchGuard
Fireware OS

04 Dec 2025

Published

04 Dec 2025

Updated

CVSS v4.0

MEDIUM (4.8)

EPSS

Pending

MITRE

KEV

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

Statistics

1 Post
3 Interactions

Last activity: 3 hours ago

Fediverse

cR0w h0 h0 @cR0w

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

0
3
0
3h ago

CVE-2025-12026

Overview

WatchGuard
Fireware OS

04 Dec 2025

Published

04 Dec 2025

Updated

CVSS v4.0

HIGH (8.6)

EPSS

Pending

MITRE

KEV

Description

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

Statistics

1 Post
3 Interactions

Last activity: 3 hours ago

Fediverse

cR0w h0 h0 @cR0w

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

0
3
0
3h ago

CVE-2025-13936

Overview

WatchGuard
Fireware OS

04 Dec 2025

Published

04 Dec 2025

Updated

CVSS v4.0

MEDIUM (4.8)

EPSS

Pending

MITRE

KEV

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

Statistics

1 Post
3 Interactions

Last activity: 3 hours ago

Fediverse

cR0w h0 h0 @cR0w

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

0
3
0
3h ago

CVE-2025-11838

Overview

WatchGuard
Fireware OS

04 Dec 2025

Published

04 Dec 2025

Updated

CVSS v4.0

HIGH (8.7)

EPSS

Pending

MITRE

KEV

Description

A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 12.0 up to and including 12.11.4 and 2025.1 up to and including 2025.1.2.

Statistics

1 Post
3 Interactions

Last activity: 3 hours ago

Fediverse

cR0w h0 h0 @cR0w

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

0
3
0
3h ago

CVE-2025-1910

Overview

WatchGuard
Mobile VPN with SSL Client

04 Dec 2025

Published

04 Dec 2025

Updated

CVSS v4.0

MEDIUM (6.3)

EPSS

Pending

MITRE

KEV

Description

The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed.This issue affects the Mobile VPN with SSL Client 12.0 up to and including 12.11.2.

Statistics

1 Post
3 Interactions

Last activity: 3 hours ago

Fediverse

cR0w h0 h0 @cR0w

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

0
3
0
3h ago

CVE-2025-13937

Overview

WatchGuard
Fireware OS

04 Dec 2025

Published

04 Dec 2025

Updated

CVSS v4.0

MEDIUM (4.8)

EPSS

Pending

MITRE

KEV

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

Statistics

1 Post
3 Interactions

Last activity: 3 hours ago

Fediverse

cR0w h0 h0 @cR0w

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

0
3
0
3h ago

CVE-2025-12195

Overview

WatchGuard
Fireware OS

04 Dec 2025

Published

04 Dec 2025

Updated

CVSS v4.0

HIGH (8.6)

EPSS

Pending

MITRE

KEV

Description

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

Statistics

1 Post
3 Interactions

Last activity: 3 hours ago

Fediverse

cR0w h0 h0 @cR0w

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.