关键漏洞信息 漏洞概述 Advisory ID: WGSA-2025-00023 CVE: CVE-2025-13938 Impact: Medium Status: Resolved Product Family: Firebox 漏洞详情 Title: WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Autotask Technology Integration Configuration Summary: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS. 影响范围 Affected Version: - Fireware OS 12.4 up to and including 12.11.4 - Fireware OS 12.5 up to and including 12.5.13 - Fireware OS 2025.1 up to and including 2025.1.2. Resolved Version: - 2025.1 -> 2025.1.3 - 12.x -> 12.11.5 - 12.5.x (T15 & T35 models) -> 12.5.14 解决方案 Resolution: Upgrade to the respective resolved versions. 参考 Advisory Product List - Firebox: - Fireware OS 12.5.x: T15, T35, T115-W, T125, T125-W, T145, T145-W, T185 - Fireware OS 2025.1.x: T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV - Fireware OS 12.x: T15, T35, T115-W, T125, T125-W, T145, T145-W, T185 Publication Date: 2025-12-04 Update Date: 2025-12-04 Workaround Available: False CVSS Score: 4.8 CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N