XSS in Watchguard Fireware Os

CVE-2025-4804

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator se…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (27.8th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References