CVE-2025-2782

Summary

The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system.

This issue affects Terminal Services Agent: from 12.0 through 12.10.

Affected Software

VendorProductVersion RangeStatus
WatchGuardTerminal Services Agent12.0 <= 12.10affected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References