WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in IPS Configuration Advisory ID: WSGA-2025-00011 CVE: CVE-2025-6946 Impact: Medium Status: Resolved Product Family: Firebox Published Date: 2025-07-10 Updated Date: 2025-12-04 Workaround Available: False CVSS Score: 4.8 CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Summary An authenticated remote attacker with administrator privileges could exploit this vulnerability in the management interface of WatchGuard Firebox appliances via the IPS configuration to execute arbitrary JavaScript code in the Firebox management interface of another management user. Affected This issue affects Fireware OS: from 12.0 up to and including 12.11.2. Resolution Advisory Product List