Mobile VPN Client with SSLVPN v 12.11.3 SAML broken following Edge Update on Windows Systems

Alan_Mercer

Yesterday Microsoft released Edge version 139.0.3405.86 which after Windows systems update to this version, the SSLVPN client using SAML authentication to Microsoft Entra is failing, locking out remote users. Reportedly downgrading Edge resolves the issue but with automatic and managed updates, this is a temporary and short term fix. Uninstalling the client and installing 12.11.2 client appears to work, but only because we have not yet upgraded the firebox to 12.11.3 from 12.11.1 Update 1 as we still have nearly 100 systems to update so that we can update the firewall. Reverting to legacy Active Directory authentication is also failing now, leaving client downgrades, a slow and tedious process with remote users, as our only option.

kimmo.pohjoisaho

https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA1Vr000000CffJKAS&lang=en_US

james.carson

Hi @Alan_Mercer

Please see the KB here for a workaround:
Mobile VPN with SSL Client v12.11.3 SAML connections fail after WebView2 v139 update

The SSLVPN client just has an update regarding a security vulnerability. You can use the 11.12.3 client on 11.12.2 with no issue if you're looking to upgrade the firewall later.

Enhancements and Resolved Issues in Fireware v12.11.3
This release resolves a local privilege escalation vulnerability in the Mobile VPN with SSL Client (CVE-2025-1910). View the full advisory details on psirt.watchguard.com. [WGSA-2025-00008]

B_Christ

The Workaround was working fine until Microsoft decided to remove all WebView Versions older than v139. Can you tell when a new Mobile VPN Client Version will be released? In our Case we just created local Users to make SSL VPN working for our Staff. Thank you and best Regards