
External risk intelligence

Garmin WDU could allow network attackers to take full control of the device.

Garmin Marine Network display units could allow external attackers to gain full administrative control if a user visits a malicious website from a workstation connected to both the marine and external networks. This potentially exposes sensitive system configurations and operational controls to unauthorized modificati…

NVD published May 13, 2026

External risk brief: CRITICAL

CVE-2025-27851

Halo Surface Signal

1/5

The vulnerability affects Garmin Marine Network display units, which operate on specialized, isolated maritime networks. Exploitation requires a complex, non-standard network bridge between the marine network and an internet-connected workstation. This creates a barrier to public internet exposure, keeping the surface inherently internal and unlikely to be accessible to remote attackers.

Exposure facts

H – Horizon Alert

A vulnerability in Garmin Marine Network display units can allow unauthorized parties to intercept and hijack the connections used to manage device settings. If a user visits a malicious website, an attacker could potentially gain full control over the unit, including its administrative functions. This poses a concern as it enables potential unauthorized modification of sensitive system configurations.

A – Asset Exposure

This issue affects the Garmin WDU management interface, potentially allowing an attacker to gain full administrative control over the device. The vulnerability is restricted to specific, complex network configurations where a workstation is simultaneously connected to the Garmin Marine Network and an external network. If a user in this environment navigates to a malicious website, their device's critical system settings and operational controls may be accessed or modified by an unauthorized party. This risk is generally limited to these specific, multihomed network setups rather than broad, public internet exposure.

L – Live Threat

The available information does not indicate active exploitation or observed targeting of this vulnerability. While this issue could theoretically allow unauthorized control of affected devices, successful exploitation relies on specific, complex conditions, such as the victim simultaneously accessing a malicious website while using a system connected to multiple networks. Consequently, there are no current indicators of imminent threat or high-likelihood impact associated with this activity.

O – Operational Fix

To address this risk, please have your technical teams review the provided Garmin support resources for any available software updates or configuration guidance. As a precautionary measure, consider restricting network access on workstations to ensure systems do not bridge the Marine Network with external, untrusted internet connections. If a direct update is not currently listed, please prioritize validating your current system configuration and following all official manufacturer guidance to ensure your equipment remains secure.
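The multihomed condition described above can be checked per workstation. The following is an added example, not Garmin's or this brief's own tooling: it reads Linux `ip -j addr show` and `ip -j route show` output and flags a host that has an address on the marine subnet and also a default route leaving through another interface. The subnet `10.50.0.0/24`, the function names and the sample data are assumptions made for illustration.

```python
import ipaddress
import json

# Assumption: placeholder subnet standing in for the vessel's marine network.
MARINE_NET = ipaddress.ip_network("10.50.0.0/24")

def marine_interfaces(addr_json, marine_net=MARINE_NET):
    """Names of interfaces holding an IPv4 address inside the marine subnet."""
    names = set()
    for iface in json.loads(addr_json):
        for info in iface.get("addr_info", []):
            if info.get("family") == "inet" and \
                    ipaddress.ip_address(info["local"]) in marine_net:
                names.add(iface["ifname"])
    return sorted(names)

def check_bridging(addr_json, route_json, marine_net=MARINE_NET):
    """Flag a host that sits on the marine subnet and also has a default
    route leaving through a different interface (the multihomed setup)."""
    marine = marine_interfaces(addr_json, marine_net)
    external = sorted({r["dev"] for r in json.loads(route_json)
                       if r.get("dst") == "default" and "dev" in r
                       and r["dev"] not in marine})
    return {"marine_ifaces": marine, "external_devs": external,
            "bridging": bool(marine) and bool(external)}

# Constructed sample data in the shape of `ip -j addr show` / `ip -j route show`.
BRIDGED_ADDR = json.dumps([
    {"ifname": "lo", "addr_info": [{"family": "inet", "local": "127.0.0.1", "prefixlen": 8}]},
    {"ifname": "eth0", "addr_info": [{"family": "inet", "local": "10.50.0.20", "prefixlen": 24}]},
    {"ifname": "wlan0", "addr_info": [{"family": "inet", "local": "192.168.1.50", "prefixlen": 24}]},
])
BRIDGED_ROUTE = json.dumps([
    {"dst": "default", "gateway": "192.168.1.1", "dev": "wlan0"},
    {"dst": "10.50.0.0/24", "dev": "eth0"},
    {"dst": "192.168.1.0/24", "dev": "wlan0"},
])
ISOLATED_ADDR = json.dumps([
    {"ifname": "eth0", "addr_info": [{"family": "inet", "local": "10.50.0.21", "prefixlen": 24}]},
])
ISOLATED_ROUTE = json.dumps([{"dst": "10.50.0.0/24", "dev": "eth0"}])

if __name__ == "__main__":
    for name, addr, route in (("bridged", BRIDGED_ADDR, BRIDGED_ROUTE),
                              ("isolated", ISOLATED_ADDR, ISOLATED_ROUTE)):
        print(name, check_bridging(addr, route))
```

A default route that leaves through a router on the marine subnet itself is not flagged by this check and needs separate review of that router.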

References