CVE-2025-27852
🔶 mediumSummary
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a reflected cross site scripting (XSS) attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level access to the device is possible. To initiate an exploit of this vulnerability, the victim must execute two actions: (1) view a specific URL served by the WDU, and (2) click an element on the rendered page.
CVSS Score
5.0
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-13
First Seen: 2026-05-17
📊 Relative Risk Intelligence
This CVE is Lower Risk - more severe than 19.3% of all 328,009 vulnerabilities in our database.
#264,733
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 14, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by
CISA
Last Modified
2026-06-02
Source
NVD 🔗
CVSS Vector 3.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE IDs (Weakness Types)