CVE-2025-1910
📋 TL;DR
This vulnerability allows a non-administrative Windows user with local access to escalate privileges to SYSTEM level on machines running WatchGuard Mobile VPN with SSL Client. This affects Windows systems with versions 12.0 through 12.11.2 of the VPN client installed.
💻 Affected Systems
- WatchGuard Mobile VPN with SSL Client
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker with local user access gains full SYSTEM privileges, enabling complete system compromise, credential theft, persistence establishment, and lateral movement capabilities.
Likely Case
Malicious insider or compromised user account escalates to SYSTEM to install malware, steal sensitive data, or maintain persistent access.
If Mitigated
With proper access controls and monitoring, impact is limited to isolated systems with quick detection and remediation.
🎯 Exploit Status
Exploitation requires local authenticated access but is likely straightforward once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 12.11.3 or later
Vendor Advisory: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00008
Restart Required: Yes
Instructions:
1. Download WatchGuard Mobile VPN with SSL Client version 12.11.3 or later from the WatchGuard support portal.
2. Run the installer on affected Windows systems.
3. Restart the system after installation completes.
🔧 Temporary Workarounds
Remove vulnerable VPN client
Windows: Uninstall WatchGuard Mobile VPN with SSL Client if not required
Control Panel > Programs > Uninstall a program > Select 'WatchGuard Mobile VPN with SSL Client' > Uninstall
Restrict local user access
Windows: Limit non-administrative user access to systems with the vulnerable VPN client
🧯 If You Can't Patch
- Remove the VPN client from systems where it's not essential for operations
- Implement strict access controls and monitoring for systems with vulnerable client
🔍 How to Verify
Check if Vulnerable:
Check installed programs for 'WatchGuard Mobile VPN with SSL Client' and verify whether the version is between 12.0 and 12.11.2 inclusive
Check Version:
wmic product where "name='WatchGuard Mobile VPN with SSL Client'" get version
Verify Fix Applied:
Verify installed version is 12.11.3 or later in Programs and Features
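The version check above can be scripted for fleet use. The following PowerShell is an added example, not part of the original page or the vendor advisory; it reads the standard uninstall registry keys and classifies the installed version against the 12.0 through 12.11.2 range and the 12.11.3 fix stated on this page. It assumes the product's uninstall entry uses the display name shown on this page and a dotted version string; the function name Get-ClientStatus is hypothetical.

```powershell
# Added example: classify the installed client against the version ranges on this page.
# Assumptions: the uninstall entry's DisplayName contains $ProductName and its
# DisplayVersion is a dotted version string such as 12.11.2.
$ProductName   = 'WatchGuard Mobile VPN with SSL Client'
$FirstAffected = [version]'12.0'      # first affected version per this page
$FirstFixed    = [version]'12.11.3'   # patch version per this page

function Get-ClientStatus {
    param([string]$DisplayVersion)
    $parsed = $null
    # TryParse returns $false instead of throwing on strings that are not dotted versions
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) { return 'UNKNOWN' }
    if ($parsed -ge $FirstFixed)    { return 'FIXED' }
    # Anything from 12.0 up to (not including) 12.11.3 is treated as affected,
    # so a four-part build such as 12.11.2.x is reported conservatively.
    if ($parsed -ge $FirstAffected) { return 'VULNERABLE' }
    return 'BELOW STATED RANGE'
}

# Both registry views are read so a 32-bit install on 64-bit Windows is not missed.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$entries = @(Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like "*$ProductName*" })

if ($entries.Count -eq 0) {
    Write-Output "No uninstall entry found for $ProductName"
} else {
    foreach ($e in $entries) {
        # One object per matching entry, suitable for Export-Csv or remote collection
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Product  = $e.DisplayName
            Version  = $e.DisplayVersion
            Status   = Get-ClientStatus $e.DisplayVersion
        }
    }
}
```

Reading the registry avoids the Win32_Product class that `wmic product` queries, which is slow because it runs a consistency check on every installed MSI package.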
📡 Detection & Monitoring
Log Indicators:
- Unexpected privilege escalation events
- Process creation with SYSTEM privileges from non-admin users
- WatchGuard VPN client service anomalies
Network Indicators:
- Unusual VPN connection patterns from compromised systems
SIEM Query:
EventID=4688 AND NewProcessName LIKE '%watchguard%' AND SubjectUserName NOT IN (admin_users)