8.2
CVE-2025-1545
- EPSS 0.09%
- Published 04.12.2025 21:48:27
- Last modified 10.12.2025 16:05:35
- Source 5d1c2695-1a31-4499-88ae-e84703
An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least one authentication hotspot configured. This issue affects Fireware OS 11.11 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
Linked by AI from unstructured data to existing CPEs in the NVD
Data provided by the National Vulnerability Database (NVD)
Watchguard ≫ Fireware Version >= 2025.1 < 2025.1.3
Watchguard ≫ Firebox T115-w Version-
Watchguard ≫ Firebox T125 Version-
Watchguard ≫ Firebox T125-w Version-
Watchguard ≫ Firebox T145 Version-
Watchguard ≫ Firebox T145-w Version-
Watchguard ≫ Firebox T185 Version-
Watchguard ≫ Fireware Version >= 11.11 < 12.11.5
Watchguard ≫ Firebox M270 Version-
Watchguard ≫ Firebox M290 Version-
Watchguard ≫ Firebox M370 Version-
Watchguard ≫ Firebox M390 Version-
Watchguard ≫ Firebox M440 Version-
Watchguard ≫ Firebox M4600 Version-
Watchguard ≫ Firebox M470 Version-
Watchguard ≫ Firebox M4800 Version-
Watchguard ≫ Firebox M5600 Version-
Watchguard ≫ Firebox M570 Version-
Watchguard ≫ Firebox M5800 Version-
Watchguard ≫ Firebox M590 Version-
Watchguard ≫ Firebox M670 Version-
Watchguard ≫ Firebox M690 Version-
Watchguard ≫ Firebox Nv5 Version-
Watchguard ≫ Firebox T20 Version-
Watchguard ≫ Firebox T25 Version-
Watchguard ≫ Firebox T40 Version-
Watchguard ≫ Firebox T45 Version-
Watchguard ≫ Firebox T55 Version-
Watchguard ≫ Firebox T70 Version-
Watchguard ≫ Firebox T80 Version-
Watchguard ≫ Firebox T85 Version-
Watchguard ≫ Fireboxcloud Version-
Watchguard ≫ Fireboxv Version-
Watchguard ≫ Fireware Version >= 11.11 < 12.5.14
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.25 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 8.2 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CWE-91 XML Injection (aka Blind XPath Injection)
The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.