CVE-2025-1545

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-1545

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1545.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-1545

Published

2025-12-04T22:15:48.290Z

Modified

2026-03-12T17:38:26.784023Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least one authentication hotspot configured.This issue affects Fireware OS 11.11 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00025

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "2025.1"
            },
            {
                "fixed": "2025.1.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "11.11"
            },
            {
                "fixed": "12.11.5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "11.11"
            },
            {
                "fixed": "12.5.14"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1545.json"