Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-1910— WatchGuard Mobile VPN with SSL Local Privilege Escalation via Update Package

EPSS 0.02% · P7
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-1910

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
WatchGuard Mobile VPN with SSL Local Privilege Escalation via Update Package
Source: NVD (National Vulnerability Database)
Vulnerability Description
The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed.This issue affects the Mobile VPN with SSL Client 12.0 up to and including 12.11.2.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
WatchGuard Mobile VPN with SSL Client 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WatchGuard Mobile VPN with SSL client是美国WatchGuard公司的一个远程访问软件。 WatchGuard Mobile VPN with SSL Client 12.0版本至12.11.2版本存在安全漏洞,该漏洞源于本地非管理员用户可提升权限至SYSTEM。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
WatchGuardMobile VPN with SSL Client 12.0 ~ 12.11.2 -

II. Public POCs for CVE-2025-1910

#POC DescriptionSource LinkShenlong Link
1Proof-of-Concept for exploiting CVE-2025-1910, a local privilege escalation within Watchguard's Mobile VPN with SSL client. https://github.com/lutrasecurity/CVE-2025-1910-WatchGuard-Privilege-EscalationPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-1910

登录查看更多情报信息。

Same Patch Batch · WatchGuard · 2025-12-04 · 13 CVEs total

CVE-2025-12196WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI Ping Command
CVE-2025-12195WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI IPSec Configuration
CVE-2025-12026WatchGuard Firebox Authenticated Out of Bounds Write in certd
CVE-2025-1545WatchGuard Firebox XPath Injection Vulnerability in Web CGI
CVE-2025-6946WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in IPS Configuration
CVE-2025-11838WatchGuard Firebox iked Memory Corruption Vulnerability
CVE-2025-13937WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in ConnectWise Technolo
CVE-2025-13936WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Tigerpaw Technology
CVE-2025-13939WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Gateway Wireless Con
CVE-2025-13940WatchGuard Firebox Boot Time System Integrity Check Bypass
CVE-2025-13938WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Autotask Technology
CVE-2025-1547WatchGuard Firebox Authenticated Stack Overflow in Certificate Request Command

IV. Related Vulnerabilities

Same product: Mobile VPN with SSL Client
Same vendor: WatchGuard
Same weakness: CWE-77

V. Comments for CVE-2025-1910

Anonymous User
2026-01-15 06:08:53

Zaproxy alias impedit expedita quisquam pariatur exercitationem. Nemo rerum eveniet dolores rem quia dignissimos.

Leave a comment