Vulnerability Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Gateway Wireless Controller module) allows Stored XSS.This issue affects Fireware OS 11.7.2 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Watchguard | Fireware | >= 2025.1, < 2025.1.3 |
| Watchguard | Firebox T115-W | - |
| Watchguard | Firebox T125 | - |
| Watchguard | Firebox T125-W | - |
| Watchguard | Firebox T145 | - |
| Watchguard | Firebox T145-W | - |
| Watchguard | Firebox T185 | - |
| Watchguard | Firebox M270 | - |
| Watchguard | Firebox M290 | - |
| Watchguard | Firebox M370 | - |
| Watchguard | Firebox M390 | - |
| Watchguard | Firebox M440 | - |
| Watchguard | Firebox M4600 | - |
| Watchguard | Firebox M470 | - |
| Watchguard | Firebox M4800 | - |
| Watchguard | Firebox M5600 | - |
| Watchguard | Firebox M570 | - |
| Watchguard | Firebox M5800 | - |
| Watchguard | Firebox M590 | - |
| Watchguard | Firebox M670 | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-13939?
CVE-2025-13939 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Gateway Wireless Controller module) allows Stored XSS.This issue af...
How severe is CVE-2025-13939?
CVE-2025-13939 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-13939?
Check the references section above for vendor advisories and patch information. Affected products include: Watchguard Fireware, Watchguard Firebox T115-W, Watchguard Firebox T125, Watchguard Firebox T125-W, Watchguard Firebox T145.