CVE-2025-1545

HIGH

WatchGuard Fireware OS <12.11.4-12.5.13 - Info Disclosure

Title source: llm

Description

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least one authentication hotspot configured.This issue affects Fireware OS 11.11 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

References (1)

[Vendor Advisory] https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00025

Scores

CVSS v3 7.5

EPSS 0.0013

EPSS Percentile 32.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-91

Status published

Products (1)

watchguard/fireware 2025.1 - 2025.1.3

Published Dec 04, 2025

Tracked Since Feb 18, 2026