• Cybersecurity Vulnerabilities

    CVE-2025-66506: High Severity DoS Vulnerability in Fulcio Certificate Authority

    Overview: CVE-2025-66506 is a high-severity denial-of-service (DoS) vulnerability affecting Fulcio, a free-to-use certificate authority for issuing code signing certificates based on OpenID Connect (OIDC) identities. This vulnerability, present in versions prior to 1.8.3, stems from inefficient string processing within the identity.extractIssuerURL function. By exploiting this flaw, a malicious actor can craft requests with specially designed OIDC identity tokens to trigger excessive memory allocation, leading to a denial of service.

    Technical Details: The vulnerability lies in the identity.extractIssuerURL function within Fulcio. This function is responsible for extracting the issuer URL from an OIDC identity token. Prior to version 1.8.3, the function…

  • Cybersecurity Vulnerabilities

    CVE-2025-66238: Critical Network Redirection Vulnerability Found in DCIM dcTrack

    Overview: CVE-2025-66238 is a high-severity vulnerability affecting DCIM dcTrack. This flaw allows an authenticated user with access to the appliance’s virtual console to misuse certain remote access features, leading to potential network traffic redirection. This redirection could grant unauthorized access to restricted services or data on the host machine.

    Technical Details: The vulnerability stems from improper input validation and authorization controls related to the dcTrack’s remote access capabilities. An authenticated attacker, possessing legitimate but limited access, can manipulate the configuration of network routing through the virtual console. By exploiting this vulnerability, the attacker can redirect network traffic destined for specific…

  • Cybersecurity Vulnerabilities

    Kalmia CMS 0.2.0: Unveiling CVE-2025-65900 – Sensitive User Data Exposure

    Overview: CVE-2025-65900 identifies a critical security vulnerability affecting Kalmia CMS version 0.2.0. This vulnerability, classified as an Incorrect Access Control issue, resides within the /kal-api/auth/users API endpoint. It allows authenticated users with even basic read permissions to access and retrieve sensitive information belonging to all users on the platform. This unauthorized access is due to a lack of proper permission validation and excessive data exposure within the backend API.

    Technical Details: The vulnerability stems from insufficient access control checks when querying the /kal-api/auth/users endpoint. A standard authenticated user, who should only have access to their own user data, can bypass…

  • Cybersecurity Vulnerabilities

    Kalmia CMS 0.2.0: Unmasking Usernames with CVE-2025-65899

    Overview: CVE-2025-65899 describes a user enumeration vulnerability affecting Kalmia CMS version 0.2.0. This vulnerability resides within the application’s authentication mechanism. By observing differing error messages returned by the system during login attempts, an unauthenticated attacker can determine valid usernames present on the system. This can be a crucial first step in a more complex attack.

    Technical Details: The vulnerability stems from the way Kalmia CMS 0.2.0 handles authentication failures. When an attacker attempts to log in with an invalid username, the system returns an error message indicating “user_not_found”. However, if the username is valid but the password is incorrect, the…

  • Cybersecurity Vulnerabilities

    Critical Vulnerability in Pivot Client: CVE-2025-53704 Requires Immediate Action

    Overview: CVE-2025-53704 describes a high-severity vulnerability affecting the password reset mechanism of the Pivot client application. This weakness can potentially allow an attacker to take control of user accounts by exploiting flaws in the password recovery process. Immediate action is recommended to mitigate this risk.

    Technical Details: The password reset mechanism in the Pivot client is insufficiently secure. The exact nature of the vulnerability is not detailed here but can be found in the referenced advisories. Common weaknesses in such mechanisms include: predictable reset tokens; lack of rate limiting on reset requests; insecure transmission of reset links; ability to manipulate…

  • Cybersecurity Vulnerabilities

    Urgent: Critical Privilege Escalation Vulnerability in WatchGuard Mobile VPN (CVE-2025-1910)

    Overview: A critical privilege escalation vulnerability, identified as CVE-2025-1910, has been discovered in the WatchGuard Mobile VPN with SSL Client for Windows. This vulnerability allows a locally authenticated, non-administrative Windows user to elevate their privileges to NT AUTHORITY/SYSTEM. This effectively grants the attacker complete control over the affected Windows machine. This vulnerability affects versions 12.0 up to and including 12.11.2 of the WatchGuard Mobile VPN with SSL Client.

    Technical Details: The specific technical details of the vulnerability are not publicly disclosed in full at this time to prevent further exploitation. However, it involves a flaw in how the WatchGuard Mobile…

  • Cybersecurity Vulnerabilities

    WatchGuard Fireware OS Code Execution Vulnerability: CVE-2025-1547 Demands Immediate Action

    Overview: A critical security vulnerability, identified as CVE-2025-1547, has been discovered in WatchGuard Fireware OS. This vulnerability is a stack-based buffer overflow (CWE-121) that could allow an authenticated and privileged user to execute arbitrary code on the affected device. The vulnerability resides within the certificate request command processing of Fireware OS’s CLI interface. This article provides a detailed analysis of the vulnerability, its potential impact, and the necessary steps to mitigate the risk.

    Technical Details: CVE-2025-1547 is a stack-based buffer overflow vulnerability [CWE-121] present in how WatchGuard Fireware OS processes certificate request commands received through the command-line interface (CLI). A…

  • Cybersecurity Vulnerabilities

    CVE-2025-1545: Critical XPath Injection Flaw Exposes WatchGuard Firebox Configurations

    Overview: CVE-2025-1545 describes an XPath Injection vulnerability affecting WatchGuard Fireware OS. This flaw could allow a remote, unauthenticated attacker to potentially retrieve sensitive information directly from the Firebox configuration. The vulnerability is triggered through an exposed authentication or management web interface and only impacts Firebox systems configured with at least one authentication hotspot. This advisory provides a detailed analysis of the vulnerability, its potential impact, and recommended mitigation steps.

    Technical Details: The vulnerability resides within the Fireware OS versions specified below. Specifically, it occurs due to insufficient input sanitization when processing XPath queries within the authentication or management web interface.…

  • Cybersecurity Vulnerabilities

    CVE-2025-13940: Critical WatchGuard Fireware OS Vulnerability Bypasses System Integrity Checks

    Overview: CVE-2025-13940 is a security vulnerability affecting WatchGuard Fireware OS. This vulnerability, classified as an Expected Behavior Violation [CWE-440], allows a potential attacker to bypass the Fireware OS boot-time system integrity check. This bypass can prevent the Firebox from shutting down, even if the system integrity check fails. While the on-demand system integrity check in the Fireware Web UI will correctly display a failed system integrity check message, the underlying protection mechanism during boot may be compromised.

    Technical Details: The vulnerability resides in the boot process of WatchGuard Fireware OS. Specifically, the flaw allows an attacker to potentially circumvent the…

  • Cybersecurity Vulnerabilities

    CVE-2025-13939: Critical Stored XSS Discovered in WatchGuard Fireware OS

    Overview: This article details CVE-2025-13939, a Stored Cross-Site Scripting (XSS) vulnerability affecting the Gateway Wireless Controller module in WatchGuard Fireware OS. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users, potentially leading to account compromise, data theft, or other malicious activities. The vulnerability affects multiple versions of Fireware OS, highlighting the importance of immediate patching.

    Technical Details: CVE-2025-13939 is a Stored XSS vulnerability, meaning the malicious script is stored on the server (WatchGuard Fireware OS) and executed when other users access the affected web page. The vulnerability stems from improper neutralization of user-supplied…