Primary

Context

WatchGuard Fireware OS Memory Corruption Vulnerability Leading to Denial-of-Service

Vulnerability

Patched

A memory corruption vulnerability has been identified in WatchGuard Fireware OS. This vulnerability may allow an unauthenticated attacker to cause a denial-of-service condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2, when configured with a dynamic gateway peer. The issue affects Fireware OS versions 12.0 through 12.11.4, as well as 2025.1 versions up to and including 2025.1.2.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing affected VPN services to become unavailable.

Remediation

Users can upgrade to Fireware OS 12.11.5 or 2025.1.3 to address this vulnerability.

Added: Dec 4, 2025, 10:33 PM

Updated: Dec 4, 2025, 10:33 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

7.0

remediation

7.7

relevance

1.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

7.0

remediation

7.7

relevance

1.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WatchGuard Fireware OS Memory Corruption Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

WatchGuard Fireware OS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating