WatchGuard Mobile VPN with SSL Local Privilege Escalation
Advisory ID
WGSA-2025-00008
CVE
CVE-2025-1910
Impact
High
Status
Acknowledged
Product Family
Other Software
Published Date
Updated Date
Workaround Available
False
CVSS Score
8.5
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Updated 2024-06-03 to clarify the potential impact scope for this vulnerability.
The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed.
Affected
This issue affects the Mobile VPN with SSL Client from 11.0 up to and including 12.11.2.
Resolution
This vulnerability is currently unresolved. WatchGuard will release additional information once a resolution is available.
Credits
AKASEC
Advisory Product List
| Product Family | Product Branch | Product List |
|---|---|---|
Other Software
|
SSL VPN | SSL VPN |