Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
No data.
Project Subscriptions
No data.
No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 13 May 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Arbitrary File Disclosure via Symlink Attack on Garmin WDU Local Web Server | |
| Weaknesses | CWE-22 |
Wed, 13 May 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the filesystem is enabled. This allows an attacker to retrieve arbitrary files from the device. | |
| References |
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-05-13T19:54:54.252Z
Reserved: 2025-03-09T00:00:00.000Z
Link: CVE-2025-27850
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-05-13T21:16:41.100
Modified: 2026-05-13T21:16:41.100
Link: CVE-2025-27850
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-05-13T21:30:04Z