WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in ConnectWise Technology Integration Configuration
Advisory ID
WGSA-2025-00022
CVE
CVE-2025-13937
Impact
Medium
Status
Resolved
Product Family
Firebox
Published Date
Updated Date
Workaround Available
False
CVSS Score
4.8
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS.
Affected
This vulnerability affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
Resolution
| Vulnerable Version | Resolved Version |
|---|---|
| 2025.1 | 2025.1.3 |
| 12.x | 12.11.5 |
| 12.5.x (T15 & T35 models) | 12.5.14 |
Advisory Product List
| Product Family | Product Branch | Product List |
|---|---|---|
Firebox
|
Fireware OS 12.5.x | T15, T35 |
Firebox
|
Fireware OS 2025.1.x | T115-W, T125, T125-W, T145, T145-W, T185 |
Firebox
|
Fireware OS 12.x | T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV |