WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Gateway Wireless Controller
Advisory ID
WGSA-2025-00024
CVE
CVE-2025-13939
Impact
Medium
Status
Resolved
Product Family
Firebox
Published Date
Updated Date
Workaround Available
False
CVSS Score
4.8
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Gateway Wireless Controller module) allows Stored XSS.
Affected
This issue affects Fireware OS 11.7.2 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
Resolution
| Vulnerable Version | Resolved Version |
|---|---|
| 2025.1 | 2025.1.3 |
| 12.x | 12.11.5 |
| 12.5.x (T15 & T35 models) | 12.5.14 |
| 11.x | End of Life |
Credits
https://www.linkedin.com/in/simonepaganessi
Advisory Product List
| Product Family | Product Branch | Product List |
|---|---|---|
Firebox
|
Fireware OS 12.5.x | T15, T35 |
Firebox
|
Fireware OS 2025.1.x | T115-W, T125, T125-W, T145, T145-W, T185 |
Firebox
|
Fireware OS 12.x | T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV |