Auth bypass in Garmin Empirbus_wireless_display_unit
CVE-2025-27853
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate wit…
Vulnerability class: Broken Authentication
EPSS: 0.001 (20.4th percentile).
CVSS v3 metric
CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.
Affected products
- Garmin Empirbus_wireless_display_unit — versions v1, v2
- Garmin Empirbus_wireless_display_unit_firmware — versions 1.4.6, 5.00
Frequently asked questions
- What is CVE-2025-27853?
- CVE-2025-27853 is a high-severity vulnerability in Garmin Empirbus_wireless_display_unit, classified under Missing Authentication for Critical Function. CVSS score: 7.3/10. Published 2026-05-13.
- How severe is CVE-2025-27853?
- High severity. CVSS v3 base score is 7.3 out of 10.