CVE-2025-1545
8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least one authentication hotspot configured.This issue affects Fireware OS 11.11 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WatchGuard | Fireware OS | 11.11 <= 11.12.4+541730 | affected |
| WatchGuard | Fireware OS | 12.0 <= 12.11.4 | affected |
| WatchGuard | Fireware OS | 12.5 <= 12.5.13 | affected |
| WatchGuard | Fireware OS | 2025.1 <= 2025.1.2 | affected |
Weaknesses
- CWE-91: CWE-91 XML Injection (aka Blind XPath Injection)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.