Important safety alerts have been issued for Firebox firewall units because of critical ten vulnerabilities.
The vulnerabilities in WatchGuard, disclosed on December 4, 2025, span a number of severity ranges and assault vectors.
With a number of requiring pressing patching to stop unauthorized code execution and data disclosure.
Probably the most essential vulnerabilities allow authenticated attackers to execute arbitrary code all through out-of-bounds write flaws within the administration CLI and certificates daemon.
A number of Excessive-Severity Code Execution Flaws
CVE-2025-12195 and CVE-2025-12196 each carry CVSS scores of 8.6, permitting privileged customers to bypass safety controls via specifically crafted IPSec configuration and ping instructions.
Equally, CVE-2025-12026 within the certificates request performance achieves a CVSS rating of 8.6, creating pathways for administrative-level privilege abuse.
The integrity and availability of Firebox methods are additional threatened by CVE-2025-13940, which bypasses boot-time system integrity checks.
CVE-2025-11838, a reminiscence corruption vulnerability within the IKE daemon, triggers denial-of-service situations.
The latter earned a CVSS rating of 8.7 and impacts methods with IKEv2 VPN configurations and dynamic gateway friends.
CVE IDVulnerability TypeCVSS ScoreImpactCVE-2025-13940Boot Time System Integrity Test Bypass6.7MediumCVE-2025-1545XPath Injection in Net CGI8.2HighCVE-2025-13939Stored XSS in Gateway Wi-fi Controller4.8MediumCVE-2025-13938Stored XSS in Autotask Expertise Integration4.8MediumCVE-2025-13937Stored XSS in ConnectWise Expertise Integration4.8MediumCVE-2025-13936Stored XSS in Tigerpaw Expertise Integration4.8MediumCVE-2025-12196Out of Bounds Write in CLI Ping Command8.6HighCVE-2025-12195Out of Bounds Write in IPSec Configuration8.6HighCVE-2025-11838iked Reminiscence Corruption Vulnerability8.7HighCVE-2025-12026Out of Bounds Write in certd8.6High
Past code-execution dangers, WatchGuard addressed a number of information-disclosure vulnerabilities. CVE-2025-1545 exploits XPath injection in net CGI interfaces, permitting unauthenticated attackers to extract delicate configuration knowledge from methods with authentication hotspots enabled.
This vulnerability scores 8.2 on the CVSS scale and represents a essential knowledge publicity threat.
Reflecting a broader development in edge safety, WatchGuard additionally patched six saved cross-site scripting (XSS) vulnerabilities affecting third-party know-how integration modules.
Together with ConnectWise, Autotask, Tigerpaw, and Gateway Wi-fi Controller configurations. Whereas individually rated as medium severity, these flaws allow session hijacking and configuration tampering when attackers achieve administrative entry.
All vulnerabilities have now been resolved within the patched variations: Fireware OS 2025.1.3, 12.11.5, and 12.5.14 for affected platforms.
Organizations working Firebox home equipment should prioritize instant updates, notably those who expose administration interfaces or run legacy IPSec configurations.
Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to characteristic your tales.
