Home / Vulnerability Intelligence / CVE-2025-27851

CVE-2025-27851 - Vulnerability Analysis

CriticalCVSS: 9.3

Last Updated: May 14, 2026

Garmin WDU - Cross Site Request Forgery

Published: May 13, 2026Updated: May 14, 2026Remote Exploitable

Overview

Garmin WDU v1 1.4.6 and v2 5.0 contain a cross-site request forgery caused by cross-site origin WebSocket hijacking in the locally served website, letting network attackers take full control of the device, exploit requires victim to access a malicious website from a multihomed host.

Severity & Score

Severity: Critical

CVSS Score: 9.3

Impact

Network attackers can take full control of the device by hijacking WebSocket connections.

Mitigation

Update to the latest version that addresses WebSocket hijacking vulnerabilities.

References

https://garmin.com
https://www8.garmin.com/support/ch.jsp?product=010-02642-00

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2025-27851
Severity: Critical
CVSS Score: 9.3
Type: cross_site_request_forgery
Status: unconfirmed

CWE

CWE-352

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N