4 matches found
CVE-2025-1547
WatchGuard Fireware OS has a stack-based buffer overflow in the certificate request CLI command (CWE-121) that could allow an authenticated privileged user to execute arbitrary code. Affected releases: Fireware OS 12.0–12.5.12+701324 and 12.6–12.11.2. Root cause appears to be insufficient bounds ...
CVE-2025-6946 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in IPS Configuration
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from...
CVE-2025-6947 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in SIP Proxy Configuration
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox...
PT-2025-37771
Name of the Vulnerable Software and Affected Versions: WatchGuard Fireware OS versions 12.0 through 12.11.2 Description: An HTTP Request Smuggling vulnerability exists in the Authentication portal of WatchGuard Fireware OS, allowing a remote attacker to evade request parameter sanitation and...