News and Analysis

Critical security alerts have been issued for Firebox firewall devices due to serious ten vulnerabilities.

The vulnerabilities in WatchGuard, disclosed on December 4, 2025, span multiple severity levels and attack vectors.

With several requiring urgent patching to prevent unauthorized code execution and information disclosure.

The most critical vulnerabilities enable authenticated attackers to execute arbitrary code throughout out-of-bounds write flaws in the management CLI and certificate daemon.

Multiple High-Severity Code Execution Flaws

CVE-2025-12195 and CVE-2025-12196 both carry CVSS scores of 8.6, allowing privileged users to bypass security controls through specially crafted IPSec configuration and ping commands.

Similarly, CVE-2025-12026 in the certificate request functionality achieves a CVSS score of 8.6, creating pathways for administrative-level privilege abuse.

The integrity and availability of Firebox systems are further threatened by CVE-2025-13940, which bypasses boot-time system integrity checks.

CVE-2025-11838, a memory corruption vulnerability in the IKE daemon, triggers denial-of-service conditions.

The latter earned a CVSS score of 8.7 and affects systems with IKEv2 VPN configurations and dynamic gateway peers.

CVE IDVulnerability TypeCVSS ScoreImpactCVE-2025-13940Boot Time System Integrity Check Bypass6.7MediumCVE-2025-1545XPath Injection in Web CGI8.2HighCVE-2025-13939Stored XSS in Gateway Wireless Controller4.8MediumCVE-2025-13938Stored XSS in Autotask Technology Integration4.8MediumCVE-2025-13937Stored XSS in ConnectWise Technology Integration4.8MediumCVE-2025-13936Stored XSS in Tigerpaw Technology Integration4.8MediumCVE-2025-12196Out of Bounds Write in CLI Ping Command8.6HighCVE-2025-12195Out of Bounds Write in IPSec Configuration8.6HighCVE-2025-11838iked Memory Corruption Vulnerability8.7HighCVE-2025-12026Out of Bounds Write in certd8.6High

Beyond code-execution risks, WatchGuard addressed multiple information-disclosure vulnerabilities. CVE-2025-1545 exploits XPath injection in web CGI interfaces, allowing unauthenticated attackers to extract sensitive configuration data from systems with authentication hotspots enabled.

This vulnerability scores 8.2 on the CVSS scale and represents a critical data exposure risk.

Reflecting a broader trend in edge security, WatchGuard also patched six stored cross-site scripting (XSS) vulnerabilities affecting third-party technology integration modules.

Including ConnectWise, Autotask, Tigerpaw, and Gateway Wireless Controller configurations. While individually rated as medium severity, these flaws enable session hijacking and configuration tampering when attackers gain administrative access.

All vulnerabilities have now been resolved in the patched versions: Fireware OS 2025.1.3, 12.11.5, and 12.5.14 for affected platforms.

Organizations operating Firebox appliances must prioritize immediate updates, particularly those that expose management interfaces or run legacy IPSec configurations.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Critical WatchGuard Firebox Vulnerabilities Let Attackers Bypass Integrity Checks and Inject Malicious Codes appeared first on Cyber Security News.