Vulnerability Monitor

CVE-2025-6946


Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from 12.0 through 12.11.2.


  • Published: 2025-12-04T22:15:49.833
  • Last Modified: 2025-12-10T16:07:29.360
  • Status: Analyzed
  • Source: 5d1c2695-1a31-4499-88ae-e847036fd7e3
  • Severity: CVSSv3.1 4.8 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-79

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | watchguard | fireware | < 12.11.3 | Yes |
| Hardware | watchguard | firebox_m270 | - | No |
| Hardware | watchguard | firebox_m290 | - | No |
| Hardware | watchguard | firebox_m370 | - | No |
| Hardware | watchguard | firebox_m390 | - | No |
| Hardware | watchguard | firebox_m440 | - | No |
| Hardware | watchguard | firebox_m4600 | - | No |
| Hardware | watchguard | firebox_m470 | - | No |
| Hardware | watchguard | firebox_m4800 | - | No |
| Hardware | watchguard | firebox_m5600 | - | No |
| Hardware | watchguard | firebox_m570 | - | No |
| Hardware | watchguard | firebox_m5800 | - | No |
| Hardware | watchguard | firebox_m590 | - | No |
| Hardware | watchguard | firebox_m670 | - | No |
| Hardware | watchguard | firebox_m690 | - | No |
| Hardware | watchguard | firebox_nv5 | - | No |
| Hardware | watchguard | firebox_t20 | - | No |
| Hardware | watchguard | firebox_t25 | - | No |
| Hardware | watchguard | firebox_t40 | - | No |
| Hardware | watchguard | firebox_t45 | - | No |
| Hardware | watchguard | firebox_t55 | - | No |
| Hardware | watchguard | firebox_t70 | - | No |
| Hardware | watchguard | firebox_t80 | - | No |
| Hardware | watchguard | firebox_t85 | - | No |
| Hardware | watchguard | fireboxcloud | - | No |
| Hardware | watchguard | fireboxv | - | No |
| Operating System | watchguard | fireware | < 12.5.13 | Yes |
| Hardware | watchguard | firebox_t15 | - | No |
| Hardware | watchguard | firebox_t35 | - | No |

References