Security Advisory Detail

WatchGuard Firebox Authentication Portal Request Smuggling Vulnerability

Advisory ID: WGSA-2025-00014
CVE: CVE-2025-6999
Impact: Medium
Status: Resolved
Product Family: Firebox
Published Date:
Updated Date:
Workaround Available: False
CVSS Score: 6.9
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Summary

An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitization and perform a reflected self-Cross-Site Scripting (XSS) attack.
WatchGuard does not believe there is a practical exploit chain with a meaningful impact for this vulnerability.

Affected

This issue affects Fireware OS: from 12.0 up to and including 12.11.2.

Resolution

Resolved in Fireware OS 12.11.3.

Advisory Product List

Product Family: Firebox
Product Branch: Fireware OS 12.5.x
Product List: T15, T35

Product Family: Firebox
Product Branch: Fireware OS 12.x
Product List: T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV
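
A fleet triage against the version range given under Affected and Resolution, as an added example (not WatchGuard code). The hostnames, inventory rows, version-string formats and status labels are constructed assumptions; the separate 12.5.x status reflects only that this page names no fixed 12.5.x release for the T15 and T35.

```python
import re

# Range stated in the advisory: 12.0 through 12.11.2 affected, fixed in 12.11.3.
FIRST_AFFECTED = (12, 0, 0)
FIXED_IN = (12, 11, 3)
# Models the advisory lists under the Fireware OS 12.5.x branch.
BRANCH_12_5_MODELS = {"T15", "T35"}

def parse_version(text):
    """Parse '12.11.2', 'v12.5.13' or '12.10.3 (Build 1)' into a 3-tuple, else None."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def triage(model, version_text):
    """Classify one appliance against the advisory's version range."""
    v = parse_version(version_text)
    if v is None:
        return "unknown-version"        # cannot decide: check the device by hand
    if v >= FIXED_IN:
        return "fixed"
    if v < FIRST_AFFECTED:
        return "outside-stated-range"   # the advisory says nothing about pre-12.0
    # Assumption: inventory model strings may carry a "Firebox" prefix.
    short = model.upper().replace("FIREBOX", "").strip()
    if short in BRANCH_12_5_MODELS:
        # The page names no fixed 12.5.x release, so 12.11.3 is not suggested here.
        return "affected-12.5.x-branch"
    return "affected-upgrade-to-12.11.3"

# Constructed sample inventory: (hostname, model, reported OS version).
INVENTORY = [
    ("fw-branch-01", "Firebox T35", "12.5.13"),
    ("fw-hq-01", "M470", "12.11.2"),
    ("fw-hq-02", "M590", "12.11.3"),
    ("fw-lab-01", "T45", "12.10.3 (Build 000000)"),
    ("fw-old-01", "M440", "11.12.4"),
    ("fw-dc-01", "FireboxV", "n/a"),
]

def triage_inventory(rows):
    """Map each hostname to its triage status."""
    return {host: triage(model, ver) for host, model, ver in rows}

if __name__ == "__main__":
    for host, status in triage_inventory(INVENTORY).items():
        print(f"{host:14} {status}")
```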