Primary

Context

WatchGuard Firebox Leftover Debug Code Vulnerability

Vulnerability

Patched

A vulnerability exists in WatchGuard Firebox devices running Fireware OS versions 12.0 prior to 12.11.2. An authenticated admin user with access to both the management WebUI and command line interface can exploit this vulnerability by uploading a platform and version-specific diagnostic package. After the package is uploaded, the user can execute a leftover diagnostic command to enable a diagnostic debug shell.

Impact

Exploitation of this vulnerability allows for the activation of a diagnostic debug shell, which could potentially be misused to access or manipulate system functions or data.

Remediation

Users can upgrade to Fireware OS 12.11.3 or, for T15 and T35 models, to Fireware OS 12.5.13.

Added: Oct 24, 2025, 10:19 PM

Updated: Oct 24, 2025, 10:19 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

0.0

exploitability

4.0

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

0.0

exploitability

4.0

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WatchGuard Firebox Leftover Debug Code Vulnerability

Vulnerability

Impact

Remediation

Affected Products

WatchGuard Fireware OS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating