WatchGuard Mobile VPN with SSL Local Privilege Escalation via Non-Standard Installation Directory

Advisory ID

WGSA-2025-00004

CVE

CVE-2025-2781

Impact

Medium

Status

Resolved

Product Family

Other Software

Published Date

2025-03-28

Updated Date

2025-03-28

Workaround Available

False

CVSS Score

6.3

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H

Summary

The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system.

Affected

This issue affects the Mobile VPN with SSL Client from 11.0 through 12.11.

Resolution

This issue is resolved in the Mobile VPN with SSL Client release 12.11.2.

Advisory Product List

Product Family	Product Branch	Product List
Other Software	SSL VPN	SSL VPN

Advisory List

Go to