WatchGuard Mobile VPN with SSL Local Privilege Escalation
Advisory ID
WGSA-2025-00016
CVE
CVE-2025-1549
Impact
Medium
Status
Acknowledged
Product Family
Other Software
Published Date
Updated Date
Workaround Available
False
CVSS Score
6.3
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
Summary
Updated December 4 2025: Modified the status of this vulnerability as unresolved after identifying an additional bypass.
A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileges on the Windows system. This vulnerability is an additional unmitigated attack path for CVE-2024-4944.
Affected
WatchGuard Mobile VPN with SSL for Windows up to and including version 12.10.5
Resolution
This vulnerability was partially mitigated in 12.11.3 but the mobile VPN with SSL client application remains vulnerable to some attack paths.
Credits
Defence Tech Malware Lab
Advisory Product List
| Product Family | Product Branch | Product List |
|---|---|---|
Other Software
|
SSL VPN | SSL VPN |