CVE-2025-1910
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-04

Last updated on: 2025-12-08

Assigner: WatchGuard Technologies, Inc.

Description
The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed.This issue affects the Mobile VPN with SSL Client 12.0 up to and including 12.11.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-04
Last Modified
2025-12-08
Generated
2026-06-16
AI Q&A
2025-12-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-1910
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
watchguard mobile_vpn_with_ssl_client 12.11.2
watchguard mobile_vpn_with_ssl_client 11.0
watchguard mobile_vpn_with_ssl_client 12.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative user to escalate their privileges to NT AUTHORITY/SYSTEM, which is the highest level of privilege on the Windows machine where the VPN Client is installed. It affects versions 12.0 up to and including 12.11.2.

Impact Analysis

An attacker who has local access to the affected Windows machine can exploit this vulnerability to gain full system privileges (NT AUTHORITY/SYSTEM). This can allow them to perform any action on the system, including installing software, accessing sensitive data, or modifying system configurations, potentially leading to a complete compromise of the affected machine.

Detection Guidance

Detection involves verifying the installed version of the WatchGuard Mobile VPN with SSL Client on Windows. If the version is between 11.0 and 12.11.2 inclusive, the system is vulnerable. You can check the installed version using Windows commands such as 'wmic product where "name like '%WatchGuard Mobile VPN%'" get name, version' or by inspecting the application version in the Programs and Features panel. There are no specific network detection commands or signatures mentioned. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade the WatchGuard Mobile VPN with SSL Client to version 12.11.3 or later, where the vulnerability is resolved. There is no workaround available, so patching is the recommended action. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-1910. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart