WatchGuard Fireware OS 存储型XSS漏洞(CVE-2025-13937)公告

Advisory ID: WSGA-2025-00022 CVE: CVE-2025-13937 Impact: Medium Status: Resolved Product Family: Firebox Published Date: 2025-12-04 Updated Date: 2025-12-04 Workaround Available: False CVSS Score: 4.8 CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Summary: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS. Affected Versions: - Fireware OS 12.4 up to and including 12.11.4 - 12.5 up to and including 12.5.13 - 2025.1 up to and including 2025.1.2 Resolution Versions: - 2025.1 → 2025.1.3 - 12.x → 12.11.5 - 12.5.x (T15 & T35 models) → 12.5.14 Advisory Product List: - Firebox: Fireware OS 12.5.x → T15, T35, T115-W, T125, T125-W, T145, T145-W, T185 - Firebox: Fireware OS 2025.1.x → T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV - Firebox: Fireware OS 12.x → Various listed models

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

WatchGuard Fireware OS 存储型XSS漏洞(CVE-2025-13937)公告

目标达成感谢每一位支持者 — 我们达成了 100% 目标！