CVE-2025-1549

Summary

A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileges on the Windows system. This vulnerability is an additional unmitigated attack path for CVE-2024-4944.

This vulnerability is resolved in the Mobile VPN with SSL client for Windows version 12.11.5

Affected Software

VendorProductVersion RangeStatus
WatchGuardMobile VPN with SSL Client12.0 <= 12.11.5affected

Weaknesses

  • CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References