CVE-2025-11838
BaseFortify
Publication date: 2025-12-04
Last updated on: 2025-12-16
Assigner: WatchGuard Technologies, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| watchguard | fireware | From 2025.1 (inc) to 2025.1.3 (exc) |
| watchguard | firebox_t115-w | * |
| watchguard | firebox_t125 | * |
| watchguard | firebox_t125-w | * |
| watchguard | firebox_t145 | * |
| watchguard | firebox_t145-w | * |
| watchguard | firebox_t185 | * |
| watchguard | fireware | From 12.0.0 (inc) to 12.11.5 (exc) |
| watchguard | firebox_m270 | * |
| watchguard | firebox_m290 | * |
| watchguard | firebox_m370 | * |
| watchguard | firebox_m390 | * |
| watchguard | firebox_m440 | * |
| watchguard | firebox_m4600 | * |
| watchguard | firebox_m470 | * |
| watchguard | firebox_m4800 | * |
| watchguard | firebox_m5600 | * |
| watchguard | firebox_m570 | * |
| watchguard | firebox_m5800 | * |
| watchguard | firebox_m590 | * |
| watchguard | firebox_m670 | * |
| watchguard | firebox_m690 | * |
| watchguard | firebox_nv5 | * |
| watchguard | firebox_t20 | * |
| watchguard | firebox_t25 | * |
| watchguard | firebox_t40 | * |
| watchguard | firebox_t45 | * |
| watchguard | firebox_t55 | * |
| watchguard | firebox_t70 | * |
| watchguard | firebox_t80 | * |
| watchguard | firebox_t85 | * |
| watchguard | fireboxcloud | * |
| watchguard | fireboxv | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-763 | The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory corruption issue in WatchGuard Fireware OS that allows an unauthenticated attacker to cause a Denial of Service (DoS) condition. It affects the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can cause a Denial of Service (DoS) condition, potentially disrupting VPN services and preventing legitimate users from accessing network resources.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade your WatchGuard Fireware OS to version 12.11.5 or later, or 2025.1.3 or later, as these versions contain the fix for the vulnerability. There is no workaround available, so applying the update is the immediate and recommended step. [1]