CVE-2025-27851: n/a
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate an exploit of this vulnerability, the victim must (1) be utilizing a web browser on a multihomed host that has local interfaces on the Garmin Marine Network as well as another network, and (2) access a malicious third party website created by the attacker.
AI Analysis
Technical Summary
The Garmin WDU devices running versions v1 1.4.6 and v2 5.0 have a vulnerability that permits cross-site origin WebSocket hijacking via their locally served web interface. The WebSocket connections control device settings, including administrative functions, which an attacker can hijack if the victim accesses a malicious website from a multihomed host connected to both the Garmin Marine Network and an external network. This attack vector allows an attacker to gain full control over the WDU device. No CVSS score or remediation information is currently provided.
Potential Impact
Successful exploitation allows a network attacker to take full control of the Garmin WDU device, including administrative settings, potentially compromising the device's operation and security. The attack requires specific network conditions and victim interaction with a malicious website. There are no known active exploits reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should avoid accessing untrusted websites from multihomed hosts connected to the Garmin Marine Network and consider network segmentation to limit exposure. Monitor vendor communications for updates on patches or mitigations.
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-03-09T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a04e0c9cbff5d8610081127
Added to database: 5/13/2026, 8:36:25 PM
Last enriched: 5/13/2026, 8:52:58 PM
Last updated: 5/14/2026, 6:45:31 AM