Firebox Authenticated Arbitrary File Upload Vulnerability

Updated September 5 2025: Updated to clarify that Fireware OS 12.3.1 Update 2 (FIPS-certified release) resolves this issue.

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations.

This vulnerability affects Fireware OS 12.0 up to and including 12.7.2_Update1 (B652282 & B652363).

| Vulnerable Version | Resolved Version |
|---|---|
| 12.x | 12.8 |
| 12.7.x | 12.7.2_Update2 (B655803) |
| 12.5.x (T15 & T35 models) | 12.5.9_Update2 (B655824 & B655924) |
| 12.3.1 (FIPS-certified release) | 12.3.1_Update2 (B675192) |
| 12.1.x (XTM 800, 1500, 2500 and XTMv models) | 12.1.3_Update8 (B655817 & B658867) |

| Product Family | Product Branch | Product List |
|---|---|---|
| Firebox | Fireware OS 12.x | T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV |
| Firebox | Fireware OS 12.5.x | T15, T35 |