RCE in Watchguard Mobile Vpn With Ssl Client
CVE-2025-1910
The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed.This issue…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.002 (11.1th percentile) — read the EPSS interpretation.
Affected products
- Watchguard Mobile Vpn With Ssl Client — versions 12.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
Frequently asked questions
- What is CVE-2025-1910?
- CVE-2025-1910 is a vulnerability in Watchguard Mobile Vpn With Ssl Client, classified under Command Injection. Published 2025-12-04.
- Is CVE-2025-1910 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.