CVE-2025-27852: n/a
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a reflected cross site scripting (XSS) attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level access to the device is possible. To initiate an exploit of this vulnerability, the victim must execute two actions: (1) view a specific URL served by the WDU, and (2) click an element on the rendered page.
AI Analysis
Technical Summary
This vulnerability affects Garmin WDU devices running versions v1 1.4.6 and v2 5.0. It is a reflected XSS flaw in the device's local web server, allowing an attacker on the same local network segment to execute arbitrary JavaScript code within the WDU's web interface context. Successful exploitation can lead to full administrator-level control of the device. The attack requires user interaction: the victim must access a specific URL served by the device and click an element on the page. There is no CVSS score or vendor advisory indicating a fix or mitigation.
Potential Impact
An attacker on the local network can leverage this vulnerability to execute arbitrary JavaScript in the device's web interface, potentially escalating privileges to full administrator access. This could allow unauthorized control or configuration changes to the Garmin WDU device. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict local network access to the Garmin WDU device to trusted users only and avoid interacting with untrusted URLs served by the device.
CVE-2025-27852: n/a
Description
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a reflected cross site scripting (XSS) attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level access to the device is possible. To initiate an exploit of this vulnerability, the victim must execute two actions: (1) view a specific URL served by the WDU, and (2) click an element on the rendered page.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects Garmin WDU devices running versions v1 1.4.6 and v2 5.0. It is a reflected XSS flaw in the device's local web server, allowing an attacker on the same local network segment to execute arbitrary JavaScript code within the WDU's web interface context. Successful exploitation can lead to full administrator-level control of the device. The attack requires user interaction: the victim must access a specific URL served by the device and click an element on the page. There is no CVSS score or vendor advisory indicating a fix or mitigation.
Potential Impact
An attacker on the local network can leverage this vulnerability to execute arbitrary JavaScript in the device's web interface, potentially escalating privileges to full administrator access. This could allow unauthorized control or configuration changes to the Garmin WDU device. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict local network access to the Garmin WDU device to trusted users only and avoid interacting with untrusted URLs served by the device.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2025-03-09T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a04e0c9cbff5d861008112b
Added to database: 5/13/2026, 8:36:25 PM
Last enriched: 5/13/2026, 8:52:50 PM
Last updated: 5/14/2026, 6:51:20 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.