Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-1545

Опубликовано: 04 дек. 2025
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least one authentication hotspot configured.This issue affects Fireware OS 11.11 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
Версия от 2025.1 (включая) до 2025.1.3 (исключая)

Одно из

cpe:2.3:h:watchguard:firebox_t115-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t125:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t125-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t145:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t145-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t185:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
Версия от 11.11 (включая) до 12.11.5 (исключая)

Одно из

cpe:2.3:h:watchguard:firebox_m270:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m290:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m370:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m390:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m440:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m4600:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m470:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m4800:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m5600:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m570:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m5800:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m590:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m670:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m690:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_nv5:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t20:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t25:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t40:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t45:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t55:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t70:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t80:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t85:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxcloud:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxv:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
Версия от 11.11 (включая) до 12.5.14 (исключая)

Одно из

cpe:2.3:h:watchguard:firebox_t15:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t35:-:*:*:*:*:*:*:*

EPSS

Процентиль: 25%
0.00085
Низкий

7.5 High

CVSS3

Дефекты

CWE-91

Связанные уязвимости

github логотип

GHSA-pqq2-xhg5-jr2v

CVSS3: 7.5
github
2 месяца назад

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least one authentication hotspot configured.This issue affects Fireware OS 11.11 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

fstec логотип

BDU:2025-15457

CVSS3: 7.5
fstec
2 месяца назад

Уязвимость веб-интерфейса управления операционной системы WatchGuard Fireware, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 25%
0.00085
Низкий

7.5 High

CVSS3

Дефекты

CWE-91