Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
No data.
Project Subscriptions
No data.
No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 13 May 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | WebSocket Hijacking Exploit Enables Full Control of Garmin WDU | |
| Weaknesses | CWE-1030 CWE-307 |
Wed, 13 May 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate an exploit of this vulnerability, the victim must (1) be utilizing a web browser on a multihomed host that has local interfaces on the Garmin Marine Network as well as another network, and (2) access a malicious third party website created by the attacker. | |
| References |
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-05-13T19:55:27.554Z
Reserved: 2025-03-09T00:00:00.000Z
Link: CVE-2025-27851
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-05-13T21:16:41.233
Modified: 2026-05-13T21:16:41.233
Link: CVE-2025-27851
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-05-13T21:30:04Z