#VU112910 Inconsistent interpretation of HTTP requests in Fireware OS - CVE-2025-6999
Published: July 15, 2025
Vulnerability identifier: #VU112910
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-6999
CWE-ID: CWE-444
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Fireware OS
Fireware OS
Software vendor:
WatchGuard
WatchGuard
Description
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests in the Authentication portal. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
Remediation
Install updates from vendor's website.