A vital vulnerability in WatchGuard Firebox firewalls might permit attackers to achieve full administrative entry to the units with none authentication.
The flaw, tracked as CVE-2025-59396, stems from insecure default configurations that expose SSH entry on port 4118 utilizing hardcoded credentials.
WatchGuard Firebox home equipment by way of September 10, 2025, ship with default SSH credentials (admin:readwrite) that stay accessible on port 4118.
Because of this any attacker with community entry to the system can remotely join and achieve full administrative privileges.
The vulnerability requires no particular exploit instruments; easy SSH purchasers like PuTTY are enough to ascertain a connection.
Based on the advisory launched on GitHub, there’s a harmful misconfiguration that impacts your complete Firebox firewall collection.
AspectDetailsCVE IDCVE-2025-59396VendorWatchGuardProductFirebox SeriesAffected ComponentSSH Service (Port 4118)Assault VectorRemote unauthenticated accessCVSS ImpactsRCE, Privilege Escalation, Info Disclosure
WatchGuard Firebox Firewall Vulnerability
An unauthenticated distant attacker can retrieve delicate community data, together with ARP tables, community configurations, and person account particulars. They will additionally entry function keys and system location information.
Extra critically, attackers can modify or flip off firewall guidelines and safety insurance policies, successfully turning off community protections.
This opens the door to lateral motion all through the inner community, permitting attackers to unfold to different methods and exfiltrate priceless information.
In worst-case situations, attackers might utterly interrupt community companies or shut down vital infrastructure protected by the firewall.
GitHub-intimate organizations utilizing WatchGuard Firebox units ought to instantly verify their configurations. Change default SSH credentials instantly in the event that they haven’t been modified.
WatchGuard directors also needs to prohibit SSH entry on port 4118 if not required, or restrict it to approved IP addresses solely.
Verify WatchGuard’s safety advisories for firmware patches and comply with their remediation steerage. This vulnerability highlights the persistent risk posed by default credentials in community safety home equipment.
Firewall units, by their nature, defend vital community infrastructure; leaving them uncovered with default passwords primarily defeats their complete function.
Comply with us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to function your tales.
