Vulnerability Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Watchguard | Fireware | >= 2025.1, < 2025.1.3 |
| Watchguard | Firebox T115-W | - |
| Watchguard | Firebox T125 | - |
| Watchguard | Firebox T125-W | - |
| Watchguard | Firebox T145 | - |
| Watchguard | Firebox T145-W | - |
| Watchguard | Firebox T185 | - |
| Watchguard | Firebox M270 | - |
| Watchguard | Firebox M290 | - |
| Watchguard | Firebox M370 | - |
| Watchguard | Firebox M390 | - |
| Watchguard | Firebox M440 | - |
| Watchguard | Firebox M4600 | - |
| Watchguard | Firebox M470 | - |
| Watchguard | Firebox M4800 | - |
| Watchguard | Firebox M5600 | - |
| Watchguard | Firebox M570 | - |
| Watchguard | Firebox M5800 | - |
| Watchguard | Firebox M590 | - |
| Watchguard | Firebox M670 | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-13938?
CVE-2025-13938 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS.This issu...
How severe is CVE-2025-13938?
CVE-2025-13938 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-13938?
Check the references section above for vendor advisories and patch information. Affected products include: Watchguard Fireware, Watchguard Firebox T115-W, Watchguard Firebox T125, Watchguard Firebox T125-W, Watchguard Firebox T145.