CVE-2025-27850 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2025-27850

Analyzed

More Info Official Page

Source-cve@mitre.org

Published At-13 May, 2026 | 21:16

Updated At-02 Jun, 2026 | 18:49

The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the filesystem is enabled. This allows an attacker to retrieve arbitrary files from the device.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CPE Matches

garmin>>empirbus_wireless_display_unit_firmware>>1.4.6

cpe:2.3:o:garmin:empirbus_wireless_display_unit_firmware:1.4.6:*:*:*:*:*:*:*

garmin>>empirbus_wireless_display_unit>>v1

cpe:2.3:h:garmin:empirbus_wireless_display_unit:v1:*:*:*:*:*:*:*

garmin>>empirbus_wireless_display_unit_firmware>>5.00

cpe:2.3:o:garmin:empirbus_wireless_display_unit_firmware:5.00:*:*:*:*:*:*:*

garmin>>empirbus_wireless_display_unit>>v2

cpe:2.3:h:garmin:empirbus_wireless_display_unit:v2:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-59	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-59

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://garmin.com	cve@mitre.org	Product
https://www8.garmin.com/support/ch.jsp?product=010-02642-00	cve@mitre.org	Release Notes

Hyperlink: https://garmin.com

Source: cve@mitre.org

Resource:

Product

Hyperlink: https://www8.garmin.com/support/ch.jsp?product=010-02642-00

Source: cve@mitre.org

Resource:

Release Notes