CVE-2025-1547
BaseFortify
Publication date: 2025-12-04
Last updated on: 2025-12-10
Assigner: WatchGuard Technologies, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| watchguard | fireware | From 12.0.0 (inc) to 12.11.3 (exc) |
| watchguard | firebox_m270 | * |
| watchguard | firebox_m290 | * |
| watchguard | firebox_m370 | * |
| watchguard | firebox_m390 | * |
| watchguard | firebox_m440 | * |
| watchguard | firebox_m4600 | * |
| watchguard | firebox_m470 | * |
| watchguard | firebox_m4800 | * |
| watchguard | firebox_m5600 | * |
| watchguard | firebox_m570 | * |
| watchguard | firebox_m5800 | * |
| watchguard | firebox_m590 | * |
| watchguard | firebox_m670 | * |
| watchguard | firebox_m690 | * |
| watchguard | firebox_nv5 | * |
| watchguard | firebox_t20 | * |
| watchguard | firebox_t25 | * |
| watchguard | firebox_t40 | * |
| watchguard | firebox_t45 | * |
| watchguard | firebox_t55 | * |
| watchguard | firebox_t70 | * |
| watchguard | firebox_t80 | * |
| watchguard | firebox_t85 | * |
| watchguard | fireboxcloud | * |
| watchguard | fireboxv | * |
| watchguard | fireware | From 12.5 (inc) to 12.5.13 (exc) |
| watchguard | firebox_t15 | * |
| watchguard | firebox_t35 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, administrators should avoid exposing management interfaces, including the CLI, to untrusted networks. Additionally, they should follow WatchGuardβs Firebox Remote Management Best Practices. Upgrading Fireware OS to versions 12.11.3 or 12.5.13 (or later) where the issue is resolved is recommended. No workaround is available. [1]
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in WatchGuard Fireware OS's certificate request command. It allows an authenticated privileged user to execute arbitrary code by sending specially crafted CLI commands. It affects Fireware OS versions from 12.0 through 12.5.12+701324 and from 12.6 through 12.11.2.
How can this vulnerability impact me? :
The vulnerability could allow an authenticated privileged user to execute arbitrary code on the affected system, potentially leading to unauthorized control, data compromise, or disruption of services.