9.3
CVE-2025-27851: Garmin WDU Cross-Site Attack Allows Full Control
CVE-2025-27851
Summary
On some versions of the Garmin WDU, the locally served web interface can be attacked remotely by getting a user to visit a malicious website. A successful attack gives the attacker full control of the device. To stay safe, users should be cautious about the websites they visit and keep their device and browser up to date.
Original title
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, includi...
Original description
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate an exploit of this vulnerability, the victim must (1) be utilizing a web browser on a multihomed host that has local interfaces on the Garmin Marine Network as well as another network, and (2) access a malicious third party website created by the attacker.
Vulnerability type
CWE-352
Cross-Site Request Forgery (CSRF)
Published: 13 May 2026 · Updated: 23 May 2026 · First seen: 13 May 2026