CVE-2025-12026
BaseFortify
Publication date: 2025-12-04
Last updated on: 2025-12-10
Assigner: WatchGuard Technologies, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| watchguard | fireware | From 2025.1 (inc) to 2025.1.3 (exc) |
| watchguard | firebox_t115-w | * |
| watchguard | firebox_t125 | * |
| watchguard | firebox_t125-w | * |
| watchguard | firebox_t145 | * |
| watchguard | firebox_t145-w | * |
| watchguard | firebox_t185 | * |
| watchguard | fireware | From 12.0.0 (inc) to 12.11.5 (exc) |
| watchguard | firebox_m270 | * |
| watchguard | firebox_m290 | * |
| watchguard | firebox_m370 | * |
| watchguard | firebox_m390 | * |
| watchguard | firebox_m440 | * |
| watchguard | firebox_m4600 | * |
| watchguard | firebox_m470 | * |
| watchguard | firebox_m4800 | * |
| watchguard | firebox_m5600 | * |
| watchguard | firebox_m570 | * |
| watchguard | firebox_m5800 | * |
| watchguard | firebox_m590 | * |
| watchguard | firebox_m670 | * |
| watchguard | firebox_m690 | * |
| watchguard | firebox_nv5 | * |
| watchguard | firebox_t20 | * |
| watchguard | firebox_t25 | * |
| watchguard | firebox_t40 | * |
| watchguard | firebox_t45 | * |
| watchguard | firebox_t55 | * |
| watchguard | firebox_t70 | * |
| watchguard | firebox_t80 | * |
| watchguard | firebox_t85 | * |
| watchguard | fireboxcloud | * |
| watchguard | fireboxv | * |
| watchguard | fireware | From 12.5 (inc) to 12.5.14 (exc) |
| watchguard | firebox_t15 | * |
| watchguard | firebox_t35 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade your WatchGuard Fireware OS to a fixed version. The issue is resolved in Fireware OS versions 12.11.5, 12.5.14 (for T15 and T35 models), and 2025.1.3. No workaround is available, so applying the update is the immediate step to protect your system. [1]
Can you explain this vulnerability to me?
This vulnerability is an Out-of-bounds Write in WatchGuard Fireware OS's certificate request command. It allows an authenticated privileged user to execute arbitrary code by using specially crafted CLI commands. It affects specific versions of Fireware OS, including 12.0 up to 12.11.4, 12.5 up to 12.5.13, and 2025.1 up to 2025.1.2.
How can this vulnerability impact me? :
The vulnerability could allow an authenticated privileged user to execute arbitrary code on the affected system, potentially leading to unauthorized control, data compromise, or disruption of services.