WatchGuard Firebox Cross-Site Request Forgery Vulnerability in Fireware Web UI

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in the WatchGuard Fireware OS Web UI. A remote attacker who convinces an authenticated administrator to visit a malicious web page can induce a denial-of-service (DoS) condition in the Fireware Web UI. Affected Fireware OS versions include 11.8 prior to 11.12.4_Update1, 12.0 prior to 12.11.8, and 2025.1 prior to 2026.1.2.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition in the Fireware Web UI.

Remediation

Users can upgrade to Fireware OS 2026.2, 12.12, or 12.5.18 (for T15 & T35 models) to address this vulnerability. Fireware OS 11.x is no longer supported.
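
An added example (not part of the advisory and not WatchGuard code): a Python check that flags inventory entries whose Fireware OS version falls in the affected ranges stated above, while treating 12.5.18 and later 12.5.x builds on T15/T35 as fixed. The inventory rows, host names, the bare model-name field and the version-string format (including how the _UpdateN suffix is parsed) are assumptions.

```python
import re

# Affected ranges as stated in the advisory: lower bound inclusive, upper exclusive.
# Tuples are (major, minor, patch, update); "_UpdateN" maps to the 4th field.
AFFECTED = [
    ((11, 8, 0, 0), (11, 12, 4, 1)),     # 11.8 prior to 11.12.4_Update1
    ((12, 0, 0, 0), (12, 11, 8, 0)),     # 12.0 prior to 12.11.8
    ((2025, 1, 0, 0), (2026, 1, 2, 0)),  # 2025.1 prior to 2026.1.2
]
T15_T35_FIX = (12, 5, 18, 0)             # fixed release listed for T15 & T35
EOL_MAJOR = 11                           # advisory: 11.x is no longer supported

def parse_version(text):
    """Parse '12.11.7' or '11.12.4_Update1' (assumed format) into a 4-tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:_Update(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version, model=""):
    v = parse_version(version)
    # 12.5.18+ sorts inside the 12.0-12.11.8 range numerically, but it is the
    # fixed build for T15/T35, so those models must not be flagged.
    if model.upper() in {"T15", "T35"} and v[:2] == (12, 5) and v >= T15_T35_FIX:
        return False
    return any(lo <= v < hi for lo, hi in AFFECTED)

def triage(inventory):
    """Return (host, note) for each inventory entry that needs action."""
    findings = []
    for host, model, version in inventory:
        if is_affected(version, model):
            eol = parse_version(version)[0] == EOL_MAJOR
            note = "11.x unsupported, move to a supported release" if eol else "upgrade"
            findings.append((host, note))
    return findings

# Constructed sample inventory: (host, model, Fireware OS version)
SAMPLE = [
    ("fw-hq", "M470", "12.11.7"),
    ("fw-branch1", "T35", "12.5.18"),
    ("fw-branch2", "T15", "12.5.17"),
    ("fw-lab", "M270", "11.12.4"),
    ("fw-dc", "M5800", "2026.2"),
]

if __name__ == "__main__":
    for host, note in triage(SAMPLE):
        print(host, note)
```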

Added: Mar 30, 2026, 1:19 PM
Updated: Mar 30, 2026, 1:19 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 5.8
remediation: 7.7
relevance: 4.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.