1. Home
  2. CVE Database
  3. CVE-2025-1071
MEDIUM · 4.8

CVE-2025-1071

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability req...

Vulnerability Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox.This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
WatchguardFireware>= 12.0.0, < 12.11.1
WatchguardFirebox M270All versions
WatchguardFirebox M290All versions
WatchguardFirebox M370All versions
WatchguardFirebox M390All versions
WatchguardFirebox M440All versions
WatchguardFirebox M4600All versions
WatchguardFirebox M470All versions
WatchguardFirebox M4800All versions
WatchguardFirebox M5600All versions
WatchguardFirebox M570All versions
WatchguardFirebox M5800All versions
WatchguardFirebox M590All versions
WatchguardFirebox M670All versions
WatchguardFirebox M690All versions
WatchguardFirebox Nv5All versions
WatchguardFirebox T20All versions
WatchguardFirebox T25All versions
WatchguardFirebox T40All versions
WatchguardFirebox T45All versions

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2025-1071?

CVE-2025-1071 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability req...

How severe is CVE-2025-1071?

CVE-2025-1071 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-1071?

Check the references section above for vendor advisories and patch information. Affected products include: Watchguard Fireware, Watchguard Firebox M270, Watchguard Firebox M290, Watchguard Firebox M370, Watchguard Firebox M390.