VYPR
Medium severity · NVD Advisory · Published Feb 14, 2025 · Updated Apr 15, 2026

CVE-2025-1239

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the Blocked Sites list. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Fireware OS: from 12.0 through 12.5.12+701324, and from 12.6 through 12.11.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stored XSS in WatchGuard Fireware OS via Blocked Sites list allows authenticated admins to inject JavaScript, affecting multiple Firebox models.

Vulnerability

Overview

A stored cross-site scripting (XSS) vulnerability exists in the management interface of WatchGuard Firebox appliances due to improper neutralization of input in the Blocked Sites list [1]. This flaw allows an authenticated remote attacker with administrator privileges to inject arbitrary JavaScript code that is stored and later executed in the context of another management user's session.

Exploitation

Prerequisites

Exploitation requires an authenticated administrator session to a locally managed Firebox. The attacker must have administrative access to the device and then craft a malicious entry in the Blocked Sites list. When another administrator views the list, the injected script executes in their browser within the management interface [1].

Impact

Successful exploitation enables arbitrary JavaScript execution in the Firebox management interface. This could lead to session hijacking, unauthorized actions, or further compromise of the management session. The CVSS v4.0 score is 5.1 (Medium), with low impact on confidentiality and integrity of the management interface [1].

Mitigation

WatchGuard has released patches: Fireware OS 12.11.1 for all affected 12.x versions, and Fireware OS 12.5.13 for T15 and T35 models. No workaround is available; upgrading to the fixed versions is recommended [1].
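As an added check that is not part of this advisory or WatchGuard's own tooling: a small Python helper that decides whether an inventoried Fireware OS version falls inside the affected ranges quoted above and which fixed release the advisory names for it. It assumes the "+NNNNNN" suffix is a build number that orders after the patch level, that "through 12.11" covers every 12.11.0 build, and it uses constructed hostnames and model names for the sample inventory.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Sentinel for "any build" where the advisory gives no build number on a bound.
ANY_BUILD = 10**9

# Affected ranges exactly as the advisory states them, inclusive at both ends:
#   12.0 through 12.5.12+701324, and 12.6 through 12.11.
# Ordering the "+NNNNNN" suffix as a build number after the patch level is an
# assumption of this example; "through 12.11" is read as every 12.11.0 build.
AFFECTED_RANGES: List[Tuple[tuple, tuple]] = [
    ((12, 0, 0, 0), (12, 5, 12, 701324)),
    ((12, 6, 0, 0), (12, 11, 0, ANY_BUILD)),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:\+(\d+))?$")

def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Parse '12.11', '12.5.13' or '12.5.12+701324' into (major, minor, patch, build)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Fireware OS version: {text!r}")
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch or 0), int(build or 0))

def is_affected(version: str) -> bool:
    """True if the version falls inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)

def recommended_fix(version: str, model: Optional[str] = None) -> Optional[str]:
    """Fixed release the advisory names for this device, or None if not affected."""
    if not is_affected(version):
        return None
    # 12.5.13 is the fix for T15 and T35 models; 12.11.1 for all other 12.x.
    if model and model.upper() in {"T15", "T35"}:
        return "12.5.13"
    return "12.11.1"

def audit_inventory(inventory: Iterable[Tuple[str, str, Optional[str]]]):
    """Return (host, version, fix) for every affected device in an inventory."""
    return [(h, v, recommended_fix(v, m)) for h, v, m in inventory if is_affected(v)]

if __name__ == "__main__":
    # Constructed sample inventory: (hostname, Fireware OS version, model).
    sample = [("fw-branch", "12.5.12+701324", "T35"), ("fw-hq", "12.11", "M390"),
              ("fw-lab", "12.11.1", "M390"), ("fw-old", "11.9.4", "T15")]
    for host, version, fix in audit_inventory(sample):
        print(f"{host}: {version} affected by CVE-2025-1239, upgrade to {fix}")
```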

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
