CVE-2025-1545 WatchGuard Firebox XPath Injection Vulnerability in Web CGI

🗓️ 04 Dec 2025 21:48:27Reported by WatchGuardType

XPath injection on WatchGuard Fireware OS enables remote unauthenticated access to Firebox configuration via the web interface when hotspots exist.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-1545	4 Dec 202522:08	–	circl
CNNVD	WatchGuard Fireware OS 安全漏洞	4 Dec 202500:00	–	cnnvd
CVE	CVE-2025-1545	4 Dec 202521:48	–	cve
EUVD	EUVD-2025-201297	5 Dec 202500:31	–	euvd
NVD	CVE-2025-1545	4 Dec 202522:15	–	nvd
Positive Technologies	PT-2025-49165	4 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-1545	5 Dec 202522:33	–	redhatcve
Vulnrichment	CVE-2025-1545 WatchGuard Firebox XPath Injection Vulnerability in Web CGI	4 Dec 202521:48	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Fireware OS",
    "vendor": "WatchGuard",
    "versions": [
      {
        "lessThanOrEqual": "11.12.4+541730",
        "status": "affected",
        "version": "11.11",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "12.11.4",
        "status": "affected",
        "version": "12.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "12.5.13",
        "status": "affected",
        "version": "12.5",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "2025.1.2",
        "status": "affected",
        "version": "2025.1",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
watchguard	www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00025

05 Dec 2025 14:33Current

CVSS 48.2

EPSS0.00057

CWE-91