关键漏洞信息 Advisory ID: WGSA-2025-00021 CVE: CVE-2025-13936 Impact: Medium Status: Resolved Product Family: Firebox Published Date: 2025-12-04 Updated Date: 2025-12-04 CVSS Score: 4.8 CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Summary Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS. Affected Versions Fireware OS 12.4 up to and including 12.11.4 Fireware OS 12.5 up to and including 12.5.13 Fireware OS 2025.1 up to and including 2025.1.2 Resolved Versions 2025.1: 2025.1.3 12.x: 12.11.5 12.5.x (T15 & T35 models): 12.5.14 Advisory Product List PRODUCT FAMILY: Firebox PRODUCT BRANCH: - Fireware OS 12.5.x - Fireware OS 2025.1.x - Fireware OS 12.x PRODUCT LIST: - T15, T35 - T115-W, T125, T125-W, T145, T145-W, T185 - T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV