CVE-2025-13938 - Vulnerability Details

CVE-2025-13938 - WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Autotask Technology Integration Configuration

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Watchguard	Fireware Os

No data.

References

Link	Providers
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00023

History

Fri, 05 Dec 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 04 Dec 2025 22:00:00 +0000

Type	Values Removed	Values Added
Description		Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
Title		WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Autotask Technology Integration Configuration
First Time appeared		Watchguard Watchguard fireware Os
Weaknesses		CWE-79
CPEs		cpe:2.3:a:watchguard:fireware_os::::::::12.4 cpe:2.3:a:watchguard:fireware_os::::::::12.5 cpe:2.3:a:watchguard:fireware_os:::::::*:2025.1
Vendors & Products		Watchguard Watchguard fireware Os
References		https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00023
Metrics		cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: WatchGuard

Published: 2025-12-04T21:47:29.650Z

Updated: 2025-12-05T15:45:58.220Z

Reserved: 2025-12-02T23:52:22.630Z

Link: CVE-2025-13938

Vulnrichment

Updated: 2025-12-05T15:45:55.290Z

NVD

Status : Received

Published: 2025-12-04T22:15:47.863

Modified: 2025-12-04T22:15:47.863

Link: CVE-2025-13938

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object