CVE-2025-6999
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-09-16

Assigner: WatchGuard Technologies, Inc.

Description
An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting (XSS) attack.This issue affects Fireware OS: from 12.0 through 12.11.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2025-09-16
Generated
2026-06-16
AI Q&A
2025-09-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-6999
EUVD
EUVD-2025-29270
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
watchguard fireware_os 12.0
watchguard fireware_os 12.11.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-444 The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an HTTP Request Smuggling issue in the Authentication portal of WatchGuard Fireware OS. It allows a remote attacker to bypass request parameter sanitation and carry out a reflected self-Cross-Site Scripting (XSS) attack. This means the attacker can manipulate HTTP requests to inject malicious scripts that are reflected back to the user, potentially compromising security.

Impact Analysis

The vulnerability can allow a remote attacker to perform reflected self-XSS attacks by evading request parameter sanitation. This can lead to unauthorized script execution in the context of the affected application, potentially resulting in data theft, session hijacking, or other malicious actions against users of the Authentication portal.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-6999. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart