4.8
CVE-2025-6946
- EPSS 0.03%
- Veröffentlicht 04.12.2025 21:48:50
- Zuletzt bearbeitet 10.12.2025 16:07:29
- Quelle 5d1c2695-1a31-4499-88ae-e84703
- CVE-Watchlists
- Unerledigt
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from 12.0 through 12.11.2.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Watchguard ≫ Fireware Version >= 12.0.0 < 12.11.3
Watchguard ≫ Firebox M270 Version-
Watchguard ≫ Firebox M290 Version-
Watchguard ≫ Firebox M370 Version-
Watchguard ≫ Firebox M390 Version-
Watchguard ≫ Firebox M440 Version-
Watchguard ≫ Firebox M4600 Version-
Watchguard ≫ Firebox M470 Version-
Watchguard ≫ Firebox M4800 Version-
Watchguard ≫ Firebox M5600 Version-
Watchguard ≫ Firebox M570 Version-
Watchguard ≫ Firebox M5800 Version-
Watchguard ≫ Firebox M590 Version-
Watchguard ≫ Firebox M670 Version-
Watchguard ≫ Firebox M690 Version-
Watchguard ≫ Firebox Nv5 Version-
Watchguard ≫ Firebox T20 Version-
Watchguard ≫ Firebox T25 Version-
Watchguard ≫ Firebox T40 Version-
Watchguard ≫ Firebox T45 Version-
Watchguard ≫ Firebox T55 Version-
Watchguard ≫ Firebox T70 Version-
Watchguard ≫ Firebox T80 Version-
Watchguard ≫ Firebox T85 Version-
Watchguard ≫ Fireboxcloud Version-
Watchguard ≫ Fireboxv Version-
Watchguard ≫ Firebox M290 Version-
Watchguard ≫ Firebox M370 Version-
Watchguard ≫ Firebox M390 Version-
Watchguard ≫ Firebox M440 Version-
Watchguard ≫ Firebox M4600 Version-
Watchguard ≫ Firebox M470 Version-
Watchguard ≫ Firebox M4800 Version-
Watchguard ≫ Firebox M5600 Version-
Watchguard ≫ Firebox M570 Version-
Watchguard ≫ Firebox M5800 Version-
Watchguard ≫ Firebox M590 Version-
Watchguard ≫ Firebox M670 Version-
Watchguard ≫ Firebox M690 Version-
Watchguard ≫ Firebox Nv5 Version-
Watchguard ≫ Firebox T20 Version-
Watchguard ≫ Firebox T25 Version-
Watchguard ≫ Firebox T40 Version-
Watchguard ≫ Firebox T45 Version-
Watchguard ≫ Firebox T55 Version-
Watchguard ≫ Firebox T70 Version-
Watchguard ≫ Firebox T80 Version-
Watchguard ≫ Firebox T85 Version-
Watchguard ≫ Fireboxcloud Version-
Watchguard ≫ Fireboxv Version-
Watchguard ≫ Fireware Version >= 12.5 < 12.5.13
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.075 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
| 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 4.8 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.