WatchGuard Patches Critical Privilege-Escalation Flaw in Mobile VPN IPSec Client for Windows
WatchGuard has issued a security advisory addressing a significant privilege-escalation vulnerability (WGSA-2026-00002 / NCPVE-2025-0626) in its Mobile VPN with IPSec client for Windows, which could allow local attackers to execute arbitrary commands with SYSTEM-level privileges. The flaw stems from underlying software technology provided by NCP Engineering and affects the installation management process, enabling attackers to bypass administrative protections.
The vulnerability manifests during installation, updates, or uninstallation of the software, where the MSI installer launches command-line windows (cmd.exe) running under the SYSTEM account the highest privilege level in Windows. On older Windows versions, these command prompts are interactive, allowing attackers to interrupt the process, interact with the open prompt, and execute malicious commands with inherited SYSTEM rights. While the CVSS score is 6.3 (Medium), the impact metrics rate Confidentiality, Integrity, and Availability as High, indicating a full system compromise if exploited.
The flaw affects WatchGuard Mobile VPN with IPSec client versions up to and including 15.19. No workarounds exist, and remediation requires upgrading to version 15.33 or higher, which modifies installer behavior to prevent exposure of elevated command prompts. Organizations using legacy Windows systems are at heightened risk due to the interactive nature of the vulnerability. WatchGuard and NCP Engineering have released the patch to address the issue.
Source: https://cybersecuritynews.com/watchguard-vpn-client-for-windows-vulnerability/
WatchGuard Technologies cybersecurity rating report: https://www.rankiteo.com/company/watchguard-technologies
NCP engineering Inc. cybersecurity rating report: https://www.rankiteo.com/company/ncp-engineering-inc.
"id": "WATNCP1770302039",
"linkid": "watchguard-technologies, ncp-engineering-inc.",
"type": "Vulnerability",
"date": "6/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Cybersecurity',
'name': 'WatchGuard',
'type': 'Company'}],
'attack_vector': 'Local',
'description': 'WatchGuard has issued a security advisory addressing a '
'significant privilege-escalation vulnerability '
'(WGSA-2026-00002 / NCPVE-2025-0626) in its Mobile VPN with '
'IPSec client for Windows, which could allow local attackers '
'to execute arbitrary commands with SYSTEM-level privileges. '
'The flaw stems from underlying software technology provided '
'by NCP Engineering and affects the installation management '
'process, enabling attackers to bypass administrative '
'protections.',
'impact': {'operational_impact': 'Full system compromise possible',
'systems_affected': 'Windows systems with WatchGuard Mobile VPN '
'with IPSec client'},
'post_incident_analysis': {'corrective_actions': 'Modified installer behavior '
'to prevent exposure of '
'elevated command prompts.',
'root_causes': 'Flaw in the installation '
'management process of the Mobile '
'VPN with IPSec client for Windows, '
'exposing interactive command '
'prompts with SYSTEM privileges '
'during installation, updates, or '
'uninstallation.'},
'recommendations': 'Upgrade to WatchGuard Mobile VPN with IPSec client '
'version 15.33 or higher to mitigate the vulnerability.',
'references': [{'source': 'WatchGuard Security Advisory'}],
'response': {'remediation_measures': 'Upgrade to version 15.33 or higher'},
'title': 'WatchGuard Patches Critical Privilege-Escalation Flaw in Mobile VPN '
'IPSec Client for Windows',
'type': 'Privilege Escalation',
'vulnerability_exploited': 'Installation management process in Mobile VPN '
'with IPSec client for Windows'}