Primary

Context

WatchGuard Fireware OS Authentication Portal HTTP Request Smuggling Vulnerability Allowing Reflected Self-Cross-Site Scripting

Vulnerability

Patched

A vulnerability allowing HTTP request smuggling has been identified in the Authentication portal of WatchGuard Fireware OS. This issue allows remote attackers to bypass request parameter sanitation and execute a reflected self-Cross-Site Scripting (XSS) attack. The vulnerability affects Fireware OS versions 12.0 through 12.11.2.

Impact

Exploitation of this vulnerability could lead to request parameter sanitation being bypassed, allowing for reflected self-Cross-Site Scripting (XSS) attacks.

Remediation

Users can upgrade to WatchGuard Fireware OS 12.11.3 to address this vulnerability.

Added: Sep 15, 2025, 10:59 PM

Updated: Sep 15, 2025, 10:59 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

1.3

exploitability

6.0

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

1.3

exploitability

6.0

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WatchGuard Fireware OS Authentication Portal HTTP Request Smuggling Vulnerability Allowing Reflected Self-Cross-Site Scripting

Vulnerability

Impact

Remediation

Affected Products

WatchGuard Fireware OS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating