Firebox Authenticated Heap Overflow Vulnerability via Malicious Firmware Update
Advisory ID
WGSA-2022-00005
CVE
CVE-2022-25291
Impact
High
Status
Resolved
Product Family
Firebox
Published Date
Updated Date
Workaround Available
False
CVSS Score
7.2
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Updated September 5 2025: Updated to clarify Fireware OS 12.3.1 Update 2 (FIPS-certified release) resolves this issue
An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image.
Affected
This vulnerability affects Fireware OS 12.0 up to and including 12.7.2_Update1 (B652282 & B652363)
Resolution
| Vulnerable Version | Resolved Version |
|---|---|
| 12.x | 12.8 |
| 12.7.x | 12.7.2_Update2 (B655803) |
| 12.5.x (T15 & T35 models) | 12.5.9_Update2 (B655824 & B655924) |
| 12.3.1 (FIPS-certified release) | 12.3.1_Update2 (B675192) |
| 12.1.x (XTM 800, 1500, 2500 and XTMv models) | 12.1.3_Update8 (B655817 & B658867) |
Credits
Internally discovered
Advisory Product List
| Product Family | Product Branch | Product List |
|---|---|---|
Firebox
|
Fireware OS 12.x | T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV |
Firebox
|
Fireware OS 12.5.x | T15, T35 |