Skip to main content

Fireware CVE-2025-13938

| EUVDEUVD-2025-201301 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2025-12-04 5d1c2695-1a31-4499-88ae-e847036fd7e3
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 15, 2026 - 16:35 euvd
EUVD-2025-201301
Analysis Generated
Mar 15, 2026 - 16:35 vuln.today
CVE Published
Dec 04, 2025 - 22:15 nvd
MEDIUM 6.1

DescriptionCVE.org

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

Analysis

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

Technical ContextAI

Cross-site scripting (XSS) allows injection of client-side scripts into web pages viewed by other users due to insufficient output encoding.

RemediationAI

Encode all user-supplied output contextually (HTML, JS, URL). Implement Content Security Policy (CSP) headers. Use HTTPOnly and Secure cookie flags.

CVE-2025-9242 CRITICAL POC
9.3 Sep 17

WatchGuard Fireware OS contains an out-of-bounds write in IKEv2 VPN handling enabling unauthenticated remote code execut

CVE-2025-1545 HIGH
7.5 Dec 04

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensi

CVE-2025-11838 HIGH
7.5 Dec 04

A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of

CVE-2025-12196 HIGH
7.2 Dec 04

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to exe

CVE-2025-12195 HIGH
7.2 Dec 04

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to exe

CVE-2026-3342 HIGH
7.2 Mar 03

WatchGuard Fireware OS contains an out-of-bounds write vulnerability in its management interface that permits authentica

CVE-2025-12026 HIGH
7.2 Dec 04

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticate

CVE-2025-1547 HIGH
7.2 Dec 04

A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allo

CVE-2026-3343 MEDIUM
6.1 Mar 03

Fireware OS Web UI contains a reflected XSS vulnerability that allows attackers to execute arbitrary JavaScript in authe

CVE-2025-13939 MEDIUM
6.1 Dec 04

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard

CVE-2025-13937 MEDIUM
6.1 Dec 04

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard

CVE-2025-13936 MEDIUM
6.1 Dec 04

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard

Share

CVE-2025-13938 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy