CVE-2025-27853
Last modified
CVE-2025-27853 is a high-severity vulnerability rated 7.3/10 on the CVSS scale. The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. EPSS estimates a 0.30% chance of exploitation in the next 30 days.
Description
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An attacker may bypass all authentication mechanisms by directly utilizing the remote APIs available on the websocket.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Garmin | Empirbus Wireless Display Unit Firmware | 1.4.6 |
| Garmin | Empirbus Wireless Display Unit Firmware | 5.00 |
References
- https://garmin.comProduct
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-27853?
How severe is CVE-2025-27853?
How do I fix CVE-2025-27853?
Are you affected by CVE-2025-27853?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST