WatchGuard Firebox Leftover Debug Code Vulnerability
Advisory ID
WGSA-2025-00010
CVE
CVE-2025-4106
Impact
High
Status
Resolved
Product Family
Firebox
Published Date
Updated Date
Workaround Available
False
CVSS Score
8.9
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Summary
Updated September 17 2025: Updated to add Fireware OS 12.5.13 as a resolved release
An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command.
Affected
This issue affects Fireware OS: from 12.0 up to and including 12.11.2.
Resolution
| Vulnerable Version | Resolved Version |
|---|---|
| 12.x | 12.11.3 |
| 12.5.x (T15 & T35 models) | 12.5.13 |
Advisory Product List
| Product Family | Product Branch | Product List |
|---|---|---|
Firebox
|
Fireware OS 12.5.x | T15, T35 |
Firebox
|
Fireware OS 12.x | T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV |