CVE-2025-4106
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-24
Last updated on: 2025-10-27
Assigner: WatchGuard Technologies, Inc.
Description
Description
An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command.
This issue affects Fireware OS: from 12.0 before 12.11.2.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| watchguard | firebox | m470 |
| watchguard | firebox | 12.5.x |
| watchguard | firebox | t70 |
| watchguard | firebox | m370 |
| watchguard | firebox | m390 |
| watchguard | firebox | m4800 |
| watchguard | firebox | 12.11.2 |
| watchguard | firebox | cloud |
| watchguard | firebox | t40 |
| watchguard | firebox | t80 |
| watchguard | firebox | nv5 |
| watchguard | firebox | t45 |
| watchguard | firebox | t25 |
| watchguard | firebox | t20 |
| watchguard | firebox | t15 |
| watchguard | firebox | m270 |
| watchguard | firebox | m440 |
| watchguard | firebox | m290 |
| watchguard | firebox | m5600 |
| watchguard | firebox | m4600 |
| watchguard | firebox | t55 |
| watchguard | firebox | 12.0 |
| watchguard | firebox | m570 |
| watchguard | firebox | t35 |
| watchguard | firebox | fireboxv |
| watchguard | firebox | t85 |
| watchguard | firebox | m5800 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-489 | The product is released with debugging code still enabled or active. |
