CVE-2025-2781

The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system.



This issue affects Mobile VPN with SSL Client: from 11.0 through 12.11.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
WatchGuardCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Common Weakness Enumeration
References
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00004