CVE-2025-13937 - Vulnerability Details

CVE-2025-13937 - WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in ConnectWise Technology Integration Configuration

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Watchguard	Fireware Os

No data.

References

Link	Providers
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00022

History

Fri, 05 Dec 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 04 Dec 2025 22:00:00 +0000

Type	Values Removed	Values Added
Description		Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
Title		WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in ConnectWise Technology Integration Configuration
First Time appeared		Watchguard Watchguard fireware Os
Weaknesses		CWE-79
CPEs		cpe:2.3:a:watchguard:fireware_os::::::::12.4 cpe:2.3:a:watchguard:fireware_os::::::::12.5 cpe:2.3:a:watchguard:fireware_os:::::::*:2025.1
Vendors & Products		Watchguard Watchguard fireware Os
References		https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00022
Metrics		cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: WatchGuard

Published: 2025-12-04T21:47:19.995Z

Updated: 2025-12-05T16:19:15.961Z

Reserved: 2025-12-02T23:52:20.541Z

Link: CVE-2025-13937

Vulnrichment

Updated: 2025-12-05T16:19:12.206Z

NVD

Status : Received

Published: 2025-12-04T22:15:47.697

Modified: 2025-12-04T22:15:47.697

Link: CVE-2025-13937

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object