VYPR
Unrated severityNVD Advisory· Published Dec 4, 2025· Updated Dec 5, 2025

WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in ConnectWise Technology Integration Configuration

CVE-2025-13937

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • WatchGuard/Firewarellm-fuzzy2 versions
    <= 12.11.4, <= 12.5.13, <= 2025.1.2+ 1 more
    • (no CPE)range: <= 12.11.4, <= 12.5.13, <= 2025.1.2
    • (no CPE)range: 12.4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.