CVE-2025-27852

Published: May 13, 2026

Modified: May 14, 2026

PUBLISHED

Description

The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a reflected cross site scripting (XSS) attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level access to the device is possible. To initiate an exploit of this vulnerability, the victim must execute two actions: (1) view a specific URL served by the WDU, and (2) click an element on the rendered page.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://garmin.com

https://www8.garmin.com/support/ch.jsp?product=010-02642-00

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-27852

Description

Affected Products

References