13 matches found
CVE-2025-6946
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from...
EUVD-2025-201296
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from...
CVE-2025-1547
WatchGuard Fireware OS has a stack-based buffer overflow in the certificate request CLI command (CWE-121) that could allow an authenticated privileged user to execute arbitrary code. Affected releases: Fireware OS 12.0–12.5.12+701324 and 12.6–12.11.2. Root cause appears to be insufficient bounds ...
CVE-2025-6946 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in IPS Configuration
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from...
CVE-2025-6946 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in IPS Configuration
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from...
CVE-2025-4106 WatchGuard Firebox leftover debug code vulnerability
An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command. This issue affects Fireware OS: from 12.0...
CVE-2025-6947
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox...
CVE-2025-6947 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in SIP Proxy Configuration
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox...
CVE-2025-6999
CVE-2025-6999 describes an HTTP Request Smuggling (CWE-444) vulnerability in the WatchGuard Fireware OS Authentication portal, affecting Fireware OS versions 12.0–12.11.2. The issue allows a remote attacker to evade request parameter sanitation and perform a reflected self-XSS attack. The vulnera...
CVE-2025-6999 WatchGuard Firebox Authentication Portal Request Smuggling Vulnerability
An HTTP Request Smuggling (CWE-444) vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting (XSS) attack. This issue affects Fireware OS: from 12.0 through 12.11.2...
PT-2025-37771
Name of the Vulnerable Software and Affected Versions: WatchGuard Fireware OS versions 12.0 through 12.11.2 Description: An HTTP Request Smuggling vulnerability exists in the Authentication portal of WatchGuard Fireware OS, allowing a remote attacker to evade request parameter sanitation and...
WatchGuard Fireware OS Firebox Security Vulnerability
WatchGuard Fireware OS Firebox is a network security hardware appliance from WatchGuard USA. A security vulnerability exists in WatchGuard Fireware OS Firebox versions 12.0 through 12.11.2, which stems from improper input neutralization in the SIP Proxy module and could lead to a stored cross-sit...
PT-2025-37770
Name of the Vulnerable Software and Affected Versions: WatchGuard Fireware OS versions 12.0 through 12.11.2 Description: A Stored Cross-site Scripting (XSS) issue exists within the SIP Proxy module of WatchGuard Fireware OS. Exploitation requires an authenticated administrator session to a locally...