CVE-2025-1071

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-1071
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox.This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.

4.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00001 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:watchguard:firebox_m270:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m290:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m370:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m390:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m440:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m4600:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m470:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m4800:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m5600:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m570:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m5800:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m590:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m670:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m690:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_nv5:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t20:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t25:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t40:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t45:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t55:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t70:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t80:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t85:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxcloud:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxv:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:watchguard:firebox_t15:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t35:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-02-14 14:15

Updated : 2026-03-02 18:59

NVD link : CVE-2025-1071

Mitre link : CVE-2025-1071

CVE.ORG link : CVE-2025-1071

JSON object : View

Products Affected

watchguard

  • fireware
  • fireboxcloud
  • firebox_m4800
  • firebox_m470
  • firebox_m290
  • firebox_m5600
  • firebox_t70
  • firebox_m390
  • firebox_t45
  • firebox_m370
  • firebox_m4600
  • fireboxv
  • firebox_m440
  • firebox_t85
  • firebox_nv5
  • firebox_m570
  • firebox_t15
  • firebox_t40
  • firebox_m670
  • firebox_t35
  • firebox_t55
  • firebox_t80
  • firebox_t25
  • firebox_m690
  • firebox_m590
  • firebox_m5800
  • firebox_t20
  • firebox_m270
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')