CVE-2025-1545

HIGH

WatchGuard Fireware OS <12.11.4-12.5.13 - Info Disclosure

Title source: llm

Description

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least one authentication hotspot configured.This issue affects Fireware OS 11.11 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

References (1)

[Vendor Advisory] https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00025

Scores

CVSS v3 7.5

EPSS 0.0011

EPSS Percentile 29.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-91

Status published

Affected Products (1)

watchguard/fireware < 2025.1.3

Timeline

Published Dec 04, 2025

Tracked Since Feb 18, 2026