WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI IPSec Configuration
Advisory ID
WGSA-2025-00019
CVE
CVE-2025-12195
Impact
High
Status
Resolved
Product Family
Firebox
Published Date
Updated Date
Workaround Available
False
CVSS Score
8.6
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands.
Affected
This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
Resolution
| Vulnerable Version | Resolved Version |
|---|---|
| 2025.1 | 2025.1.3 |
| 12.x | 12.11.5 |
| 12.5.x (T15 & T35 models) | 12.5.14 |
| 11.x | End of Life |
Credits
Cody Sixteen
Advisory Product List
| Product Family | Product Branch | Product List |
|---|---|---|
Firebox
|
Fireware OS 12.5.x | T15, T35 |
Firebox
|
Fireware OS 2025.1.x | T115-W, T125, T125-W, T145, T145-W, T185, M295, M395, M495, M595, M695 |
Firebox
|
Fireware OS 12.x | T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV |