CVE-2025-27853

⚠️ high

Summary

The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An attacker may bypass all authentication mechanisms by directly utilizing the remote APIs available on the websocket.

CVSS Score

7.3

High

EPSS Score

0.1

Exploit Probability

Published Date

2026-05-13

First Seen: 2026-05-17

📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 55.5% of all 328,009 vulnerabilities in our database.

#145,998

Above average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: May 14, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

YES

Can be exploited automatically

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2026-06-02

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE IDs (Weakness Types)

CWE-306

Vendor	Product	Status	Affected Versions
garmin	empirbus_wireless_display_unit_firmware	Affected	v1.4.6
garmin	empirbus_wireless_display_unit_firmware	Affected	v5.00

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2025-27850	⚠️ high	7.5	0.1	The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics pac...	2026-05-13
CVE-2025-27851	⛔ critical	9.3	0.0	The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSocket hijacking attac...	2026-05-13
CVE-2025-27852	🔶 medium	5.0	0.0	The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a reflected cross site scripting (XSS) attack...	2026-05-13

CVE-2025-27853

Summary

📊 Relative Risk Intelligence

🎯 CISA SSVC Assessment Updated: May 14, 2026

📦 Affected Products 2

🔗 References 2

🔗 Related CVEs 3