WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in SpamBlocker Module
Advisory ID
WGSA-2025-00001
CVE
CVE-2025-1071
Impact
Medium
Status
Resolved
Product Family
Firebox
Published Date
Updated Date
Workaround Available
False
CVSS Score
4.8
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Summary
Updated September 17 2025: Updated to add Fireware OS 12.5.13 as a resolved release
A stored cross-site scripting (XSS) vulnerability exists in the management interface of WatchGuard Firebox appliances via the spamBlocker module. An authenticated remote attacker with administrator privileges could exploit this vulnerability to execute arbitrary JavaScript code in the Firebox management interface of another management user.
Affected
This issue affects Fireware OS: from 12.0 up to and including 12.11.
Resolution
| Vulnerable Version | Resolved Version |
|---|---|
| 12.x | 12.11.1 |
| 12.5.x (T15 & T35 models) | 12.5.13 |
Credits
Simone Paganessi (https://www.linkedin.com/in/simonepaganessi)
Advisory Product List
| Product Family | Product Branch | Product List |
|---|---|---|
Firebox
|
Fireware OS 12.5.x | T15, T35 |
Firebox
|
Fireware OS 12.x | T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV |