CVE-2025-4106
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-4106, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-24

Last updated on: 2025-10-27

Assigner: WatchGuard Technologies, Inc.

Description

An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command. This issue affects Fireware OS: from 12.0 before 12.11.2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-24
Last Modified
2025-10-27
Generated
2026-07-07
AI Q&A
2025-10-25
EPSS Evaluated
2026-07-06
NVD

Affected Vendors & Products

Showing 27 associated CPEs
Vendor Product Version / Range
watchguard firebox m470
watchguard firebox 12.5.x
watchguard firebox t70
watchguard firebox m370
watchguard firebox m390
watchguard firebox m4800
watchguard firebox 12.11.2
watchguard firebox cloud
watchguard firebox t40
watchguard firebox t80
watchguard firebox nv5
watchguard firebox t45
watchguard firebox t25
watchguard firebox t20
watchguard firebox t15
watchguard firebox m270
watchguard firebox m440
watchguard firebox m290
watchguard firebox m5600
watchguard firebox m4600
watchguard firebox t55
watchguard firebox 12.0
watchguard firebox m570
watchguard firebox t35
watchguard firebox fireboxv
watchguard firebox t85
watchguard firebox m5800

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-489 The product is released with debugging code still enabled or active.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability allows an authenticated admin user who has access to both the management WebUI and the command line interface on a Firebox device to enable a diagnostic debug shell. This is done by uploading a platform and version-specific diagnostic package and then executing a leftover diagnostic command, which should not be accessible in normal operation.

Impact Analysis

The vulnerability can impact you by potentially allowing an authenticated admin user to gain elevated debugging access to the device, which could be exploited to perform unauthorized actions or gather sensitive information. This could compromise the security and integrity of the Firebox device and the network it protects.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-4106. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart