CVE-2025-13937
MEDIUMWatchGuard Fireware 12.4-12.11.4, 12.5-12.5.13, 2025.1-2025.1.2 - Stored XSS in ConnectWise Module
Title source: llmDescription
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
References (1)
Core 1
Core References
Vendor Advisory
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00022
Scores
CVSS v3
6.1
EPSS
0.0015
EPSS Percentile
4.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
watchguard/fireware
2025.1 - 2025.1.3
Published
Dec 04, 2025
Tracked Since
Feb 18, 2026