Vulnerability Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from 12.0 through 12.11.2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Watchguard | Fireware | >= 12.0.0, < 12.11.3 |
| Watchguard | Firebox M270 | - |
| Watchguard | Firebox M290 | - |
| Watchguard | Firebox M370 | - |
| Watchguard | Firebox M390 | - |
| Watchguard | Firebox M440 | - |
| Watchguard | Firebox M4600 | - |
| Watchguard | Firebox M470 | - |
| Watchguard | Firebox M4800 | - |
| Watchguard | Firebox M5600 | - |
| Watchguard | Firebox M570 | - |
| Watchguard | Firebox M5800 | - |
| Watchguard | Firebox M590 | - |
| Watchguard | Firebox M670 | - |
| Watchguard | Firebox M690 | - |
| Watchguard | Firebox Nv5 | - |
| Watchguard | Firebox T20 | - |
| Watchguard | Firebox T25 | - |
| Watchguard | Firebox T40 | - |
| Watchguard | Firebox T45 | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-6946?
CVE-2025-6946 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an...
How severe is CVE-2025-6946?
CVE-2025-6946 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-6946?
Check the references section above for vendor advisories and patch information. Affected products include: Watchguard Fireware, Watchguard Firebox M270, Watchguard Firebox M290, Watchguard Firebox M370, Watchguard Firebox M390.