Impact
The CVE describes improper neutralization of input during web page generation in the Autotask Technology Integration configuration of WatchGuard Fireware OS. It is a stored cross-site scripting (XSS) flaw: a malicious payload submitted to the configuration is later rendered in the browser when the configuration page is loaded. An attacker who can inject such input can execute arbitrary JavaScript in the context of an authenticated user, potentially stealing session cookies, redirecting users, or installing malware. This vulnerability is an additional unmitigated attack path for the earlier CVE-2025-13938.
Affected Systems
Affected systems are devices running WatchGuard Fireware OS versions 12.4 to 12.12, 12.5 to 12.5.18, and 2025.1 to 2026.2. The flaw resides in the Autotask Technology Integration module, which is accessed through the web-based management interface of Firebox appliances.
Risk and Exploitability
The CVSS score is 4.8, indicating moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is the secured web management console, which requires authenticated access to the Autotask configuration page; the risk is therefore limited to privileged users or to attackers who can compromise an existing authenticated session. Given the moderate CVSS score, the risk is lower for environments that do not expose the management interface externally, but upgrading promptly is still advisable.