WatchGuard Fireware OS
Moderate fix4 remedies
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*
Moderate fix4 remedies
- >= 11.0, <= 11.12.4+541730
- >= 12.0, <= 12.11.4
- >= 12.5, <= 12.5.13
- >= 2025.1, <= 2025.1.2
WatchGuard Fireware OS Out-of-Bounds Write Vulnerability in CLI IPSec Configuration Allowing Arbitrary Code Execution
Vulnerability
Patched
A vulnerability allowing out-of-bounds write has been identified in the CLI of WatchGuard Fireware OS. This issue could enable an authenticated privileged user to execute arbitrary code by using specially crafted IPSec configuration commands. The vulnerability is present in Fireware OS versions 11.0 through 11.12.4+541730, 12.0 through 12.11.4, 12.5 through 12.5.13, and 2025.1 through 2025.1.2.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of arbitrary code on the affected device.
Remediation
Users can upgrade to Fireware OS 2025.1.3, 12.11.5, or 12.5.14 (for T15 & T35 models) to address this vulnerability. For devices on Fireware OS 11.x, this version is no longer supported.
Added: Dec 4, 2025, 10:31 PM
Updated: Dec 4, 2025, 10:31 PM
Vulnerability Rating
Custom Algorithm
spread
4.5impact
7.5exploitability
4.4remediation
7.7relevance
1.3threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.