XSS in Watchguard Fireware Os

CVE-2025-13938

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and in…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (6.6th percentile) — read the EPSS interpretation.

Affected products

Watchguard Fireware Os — versions 12.4, 12.5, 2025.1

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00023