CVE-2025-27850

Published: May 13, 2026

Modified: May 14, 2026

PUBLISHED

Description

The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the filesystem is enabled. This allows an attacker to retrieve arbitrary files from the device.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://garmin.com

https://www8.garmin.com/support/ch.jsp?product=010-02642-00

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-27850

Description

Affected Products

References