RCE in Watchguard Mobile Vpn With Ssl Client

CVE-2025-1910

The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed.This issue…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.002 (11.1th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-1910?
CVE-2025-1910 is a vulnerability in Watchguard Mobile Vpn With Ssl Client, classified under Command Injection. Published 2025-12-04.
Is CVE-2025-1910 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.