Vulnerability Details CVE-2025-1071
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox.This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.6%
CVSS Severity
CVSS v3 Score 4.8
Products affected by CVE-2025-1071
-
cpe:2.3:h:watchguard:firebox_m270:-
-
cpe:2.3:h:watchguard:firebox_m290:-
-
cpe:2.3:h:watchguard:firebox_m370:-
-
cpe:2.3:h:watchguard:firebox_m390:-
-
cpe:2.3:h:watchguard:firebox_m440:-
-
cpe:2.3:h:watchguard:firebox_m4600:-
-
cpe:2.3:h:watchguard:firebox_m470:-
-
cpe:2.3:h:watchguard:firebox_m4800:-
-
cpe:2.3:h:watchguard:firebox_m5600:-
-
cpe:2.3:h:watchguard:firebox_m570:-
-
cpe:2.3:h:watchguard:firebox_m5800:-
-
cpe:2.3:h:watchguard:firebox_m590:-
-
cpe:2.3:h:watchguard:firebox_m670:-
-
cpe:2.3:h:watchguard:firebox_m690:-
-
cpe:2.3:h:watchguard:firebox_nv5:-
-
cpe:2.3:h:watchguard:firebox_t15:-
-
cpe:2.3:h:watchguard:firebox_t20:-
-
cpe:2.3:h:watchguard:firebox_t25:-
-
cpe:2.3:h:watchguard:firebox_t35:-
-
cpe:2.3:h:watchguard:firebox_t40:-
-
cpe:2.3:h:watchguard:firebox_t45:-
-
cpe:2.3:h:watchguard:firebox_t55:-
-
cpe:2.3:h:watchguard:firebox_t70:-
-
cpe:2.3:h:watchguard:firebox_t80:-
-
cpe:2.3:h:watchguard:firebox_t85:-
-
cpe:2.3:h:watchguard:fireboxcloud:-
-
cpe:2.3:h:watchguard:fireboxv:-
-
cpe:2.3:o:watchguard:fireware:12.0.0
-
cpe:2.3:o:watchguard:fireware:12.0.1
-
cpe:2.3:o:watchguard:fireware:12.0.2
-
cpe:2.3:o:watchguard:fireware:12.1
-
cpe:2.3:o:watchguard:fireware:12.1.1
-
cpe:2.3:o:watchguard:fireware:12.1.3
-
cpe:2.3:o:watchguard:fireware:12.1.4
-
cpe:2.3:o:watchguard:fireware:12.10
-
cpe:2.3:o:watchguard:fireware:12.10.1
-
cpe:2.3:o:watchguard:fireware:12.10.2
-
cpe:2.3:o:watchguard:fireware:12.10.3
-
cpe:2.3:o:watchguard:fireware:12.10.4
-
cpe:2.3:o:watchguard:fireware:12.11
-
cpe:2.3:o:watchguard:fireware:12.2.0
-
cpe:2.3:o:watchguard:fireware:12.2.1
-
cpe:2.3:o:watchguard:fireware:12.3
-
cpe:2.3:o:watchguard:fireware:12.3.1
-
cpe:2.3:o:watchguard:fireware:12.4
-
cpe:2.3:o:watchguard:fireware:12.4.1
-
cpe:2.3:o:watchguard:fireware:12.5
-
cpe:2.3:o:watchguard:fireware:12.5.1
-
cpe:2.3:o:watchguard:fireware:12.5.10
-
cpe:2.3:o:watchguard:fireware:12.5.11
-
cpe:2.3:o:watchguard:fireware:12.5.12
-
cpe:2.3:o:watchguard:fireware:12.5.13
-
cpe:2.3:o:watchguard:fireware:12.5.14
-
cpe:2.3:o:watchguard:fireware:12.5.15
-
cpe:2.3:o:watchguard:fireware:12.5.2
-
cpe:2.3:o:watchguard:fireware:12.5.3
-
cpe:2.3:o:watchguard:fireware:12.5.4
-
cpe:2.3:o:watchguard:fireware:12.5.5
-
cpe:2.3:o:watchguard:fireware:12.5.6
-
cpe:2.3:o:watchguard:fireware:12.5.7
-
cpe:2.3:o:watchguard:fireware:12.5.8
-
cpe:2.3:o:watchguard:fireware:12.5.9
-
cpe:2.3:o:watchguard:fireware:12.6.1
-
cpe:2.3:o:watchguard:fireware:12.6.3
-
cpe:2.3:o:watchguard:fireware:12.6.4
-
cpe:2.3:o:watchguard:fireware:12.7.0
-
cpe:2.3:o:watchguard:fireware:12.7.1
-
cpe:2.3:o:watchguard:fireware:12.7.2
-
cpe:2.3:o:watchguard:fireware:12.8.0
-
cpe:2.3:o:watchguard:fireware:12.8.1
-
cpe:2.3:o:watchguard:fireware:12.8.2
-
cpe:2.3:o:watchguard:fireware:12.8.3
-
cpe:2.3:o:watchguard:fireware:12.9
-
cpe:2.3:o:watchguard:fireware:12.9.2
-
cpe:2.3:o:watchguard:fireware:12.9.3
-
cpe:2.3:o:watchguard:fireware:12.9.4