CVE-2025-27853EPSS p21.1%

CVE-2025-27853CVE-2025-27853

garmin / empirbus_wireless_display_unit_firmware

Description

The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An attacker may bypass all authentication mechanisms by directly utilizing the remote APIs available on the websocket.

Scoring

CVSS 7.3 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS0.30% probability of exploitation · percentile 21.1% · 2026-06-19T12:03:05Z
Last modified2026-06-02

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-27851
CVE
CVE-2025-27852
CVE
CVE-2025-27850
CVE
CVE-2026-30702
CVE
CVE-2026-27772
CVE
CVE-2025-54816
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.