← volver
CVE-2025-27853

CVE-2025-27853

CVSS 7.3 HIGHEPSS 0.3%CWE-306
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
13 may 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An attacker may bypass all authentication mechanisms by directly utilizing the remote APIs available on the websocket.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Productos afectados
n/a · n/a