CVE-2025-6999
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-09-16
Assigner: WatchGuard Technologies, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| watchguard | fireware_os | 12.0 |
| watchguard | fireware_os | 12.11.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-444 | The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an HTTP Request Smuggling issue in the Authentication portal of WatchGuard Fireware OS. It allows a remote attacker to bypass request parameter sanitation and carry out a reflected self-Cross-Site Scripting (XSS) attack. This means the attacker can manipulate HTTP requests to inject malicious scripts that are reflected back to the user, potentially compromising security.
How can this vulnerability impact me?
The vulnerability can allow a remote attacker to perform reflected self-XSS attacks by evading request parameter sanitation. This can lead to unauthorized script execution in the context of the affected application, potentially resulting in data theft, session hijacking, or other malicious actions against users of the Authentication portal.