WatchGuard Mobile VPN with SSL Local Privilege Escalation via Non-Standard Installation Directory
Advisory ID
WGSA-2025-00004
CVE
CVE-2025-2781
Impact
Medium
Status
Resolved
Product Family
Other Software
Published Date
Updated Date
Workaround Available
False
CVSS Score
6.3
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H
Summary
The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system.
Affected
This issue affects the Mobile VPN with SSL Client from 11.0 through 12.11.
Resolution
This issue is resolved in the Mobile VPN with SSL Client release 12.11.2.
Advisory Product List
| Product Family | Product Branch | Product List |
|---|---|---|
Other Software
|
SSL VPN | SSL VPN |