CVE-2025-1545
HIGHDescription
An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least one authentication hotspot configured.This issue affects Fireware OS 11.11 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
Is your site exposed to CVE-2025-1545?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| watchguard | fireware |
| watchguard | firebox_t115-w |
| watchguard | firebox_t125 |
| watchguard | firebox_t125-w |
| watchguard | firebox_t145 |
| watchguard | firebox_t145-w |
| watchguard | firebox_t185 |
| watchguard | fireware |
| watchguard | firebox_m270 |
| watchguard | firebox_m290 |
| watchguard | firebox_m370 |
| watchguard | firebox_m390 |
| watchguard | firebox_m440 |
| watchguard | firebox_m4600 |
| watchguard | firebox_m470 |
| watchguard | firebox_m4800 |
| watchguard | firebox_m5600 |
| watchguard | firebox_m570 |
| watchguard | firebox_m5800 |
| watchguard | firebox_m590 |
| watchguard | firebox_m670 |
| watchguard | firebox_m690 |
| watchguard | firebox_nv5 |
| watchguard | firebox_t20 |
| watchguard | firebox_t25 |
| watchguard | firebox_t40 |
| watchguard | firebox_t45 |
| watchguard | firebox_t55 |
| watchguard | firebox_t70 |
| watchguard | firebox_t80 |
| watchguard | firebox_t85 |
| watchguard | fireboxcloud |
| watchguard | fireboxv |
| watchguard | fireware |
| watchguard | firebox_t15 |
| watchguard | firebox_t35 |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-1545? +
How severe is CVE-2025-1545? +
What products are affected by CVE-2025-1545? +
How do I check if I'm vulnerable to CVE-2025-1545? +
Related Vulnerabilities
XML Injection vulnerability in xmltodict allows Input Data Manipulation. This issue affects xmltodict: from 0.14.2 before 0.15.1. NOTE: the scope …
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to …
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to …
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to …
An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary …
XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. The attacker needs to have an authenticated …