
Critical security alerts have been issued for WatchGuard Firebox firewall devices covering ten serious vulnerabilities.
The vulnerabilities, disclosed on December 4, 2025, span multiple severity levels and attack vectors, with several requiring urgent patching to prevent unauthorized code execution and information disclosure.
The most critical flaws allow authenticated attackers to execute arbitrary code through out-of-bounds write bugs in the management CLI and the certificate daemon.
Multiple High-Severity Code Execution Flaws
CVE-2025-12195 and CVE-2025-12196 both carry CVSS scores of 8.6 and allow privileged users to bypass security controls through specially crafted IPSec configuration and ping commands.
Similarly, CVE-2025-12026 in the certificate request functionality (certd) also scores 8.6, creating a pathway for abuse of administrative-level privileges.
The integrity and availability of Firebox systems are further threatened by CVE-2025-13940, which bypasses boot-time system integrity checks, and by CVE-2025-11838, a memory corruption vulnerability in the IKE daemon (iked) that triggers denial-of-service conditions.
The latter carries a CVSS score of 8.7 and affects systems with IKEv2 VPN configurations and dynamic gateway peers.
| CVE ID | Vulnerability Type | CVSS Score | Impact |
|---|---|---|---|
| CVE-2025-13940 | Boot Time System Integrity Check Bypass | 6.7 | Medium |
| CVE-2025-1545 | XPath Injection in Web CGI | 8.2 | High |
| CVE-2025-13939 | Stored XSS in Gateway Wireless Controller | 4.8 | Medium |
| CVE-2025-13938 | Stored XSS in Autotask Technology Integration | 4.8 | Medium |
| CVE-2025-13937 | Stored XSS in ConnectWise Technology Integration | 4.8 | Medium |
| CVE-2025-13936 | Stored XSS in Tigerpaw Technology Integration | 4.8 | Medium |
| CVE-2025-12196 | Out of Bounds Write in CLI Ping Command | 8.6 | High |
| CVE-2025-12195 | Out of Bounds Write in IPSec Configuration | 8.6 | High |
| CVE-2025-11838 | iked Memory Corruption Vulnerability | 8.7 | High |
| CVE-2025-12026 | Out of Bounds Write in certd | 8.6 | High |
Beyond code-execution risks, WatchGuard addressed multiple information-disclosure vulnerabilities. CVE-2025-1545 is an XPath injection flaw in the web CGI interface that allows unauthenticated attackers to extract sensitive configuration data from systems with authentication hotspots enabled.
It scores 8.2 on the CVSS scale and represents a critical data exposure risk.
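XPath injection of the kind described above arises when request parameters are spliced straight into a query string. The following is an added example, not WatchGuard code; the hotspot user lookup and the XML layout it targets are constructed for illustration. It shows the unsafe concatenation pattern beside a hardened builder that turns any untrusted value into a single XPath 1.0 string literal, so the value can never terminate the literal and become query syntax.

```python
"""Building an XPath lookup from untrusted input without letting it change the query.

Added example, not WatchGuard code. The query shape (//hotspot/users/user[name=...])
is a constructed stand-in for whatever the real CGI handler evaluates.
"""


def unsafe_user_query(username: str) -> str:
    # Untrusted text is spliced straight into the predicate: a quote in the
    # input terminates the literal and everything after it is parsed as XPath.
    return f"//hotspot/users/user[name='{username}']"


def xpath_string_literal(value: str) -> str:
    """Return an XPath 1.0 string literal for value, whatever quotes it contains.

    XPath 1.0 string literals have no escape sequence, so a value containing
    both quote kinds is expressed as concat() of single- and double-quoted
    pieces. The result is always exactly one literal, never query syntax.
    """
    if "'" not in value:
        return f"'{value}'"
    if '"' not in value:
        return f'"{value}"'
    parts = []
    for piece in value.split("'"):
        if piece:
            parts.append(f"'{piece}'")
        parts.append('"\'"')  # the single quote that separated the pieces
    parts.pop()  # no separator follows the final piece
    return "concat(" + ", ".join(parts) + ")"


def safe_user_query(username: str) -> str:
    # The predicate compares against one literal; the input cannot add
    # 'or' clauses or further steps, whatever characters it contains.
    return f"//hotspot/users/user[name={xpath_string_literal(username)}]"


if __name__ == "__main__":
    # Classic tautology input: harmless once it is forced into a literal.
    tautology = "' or '1'='1"
    print("unsafe :", unsafe_user_query(tautology))
    print("safe   :", safe_user_query(tautology))
    print("mixed  :", safe_user_query("a'b\"c"))
```

The same `xpath_string_literal` helper applies to any parameter that lands in a predicate, and it pairs naturally with an allowlist on the expected character set (hotspot usernames rarely need quotes at all); when a library offers parameterised XPath variables, prefer those over building the literal by hand.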
Reflecting a broader trend in edge security, WatchGuard also patched six stored cross-site scripting (XSS) vulnerabilities affecting third-party technology integration modules, including the ConnectWise, Autotask, and Tigerpaw integrations and the Gateway Wireless Controller configuration.
While individually rated as medium severity, these flaws enable session hijacking and configuration tampering once an attacker has administrative access.
All vulnerabilities have now been resolved in the patched versions: Fireware OS 2025.1.3, 12.11.5, and 12.5.14 for affected platforms.
Organizations operating Firebox appliances must prioritize immediate updates, particularly those that expose management interfaces or run legacy IPSec configurations.
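A first step in prioritising those updates is to triage an appliance inventory against the fixed releases named above. The script below is an added example, not a WatchGuard tool; it assumes that 2025.1.3, 12.11.5 and 12.5.14 are the minimum safe builds on their respective branches (matched by the first two version components), reports any other branch as unknown rather than guessing, and treats a version string as "major.minor.patch" optionally followed by build text. The inventory it runs on is constructed.

```python
"""Triage Firebox inventory entries against the patched Fireware OS releases.

Added example, not WatchGuard code. Assumptions: the three fixed releases
from the advisory are the minimum safe build on their branch; branches the
advisory does not name are reported as unknown; versions look like
"12.11.5" with optional trailing build text.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

# Minimum fixed release per branch, keyed by (major, minor).
FIXED_RELEASES = {
    (2025, 1): (2025, 1, 3),
    (12, 11): (12, 11, 5),
    (12, 5): (12, 5, 14),
}

# Leading "major.minor.patch"; anything after (e.g. a build number) is ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


class Finding(NamedTuple):
    host: str
    version: str
    status: str            # patched | vulnerable | unknown-branch | unparseable
    target: Optional[str]  # release to move to, when known


def parse_version(text: str) -> Tuple[int, int, int]:
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Fireware version: {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def assess(host: str, version_text: str) -> Finding:
    try:
        v = parse_version(version_text)
    except ValueError:
        return Finding(host, version_text, "unparseable", None)
    fixed = FIXED_RELEASES.get(v[:2])
    if fixed is None:
        # Not one of the branches the advisory names: needs a manual check
        # against the vendor notice rather than a guess.
        return Finding(host, version_text, "unknown-branch", None)
    target = ".".join(str(n) for n in fixed)
    status = "patched" if v >= fixed else "vulnerable"
    return Finding(host, version_text, status, target)


def triage(inventory: List[Tuple[str, str]]) -> List[Finding]:
    """Assess every (host, version) pair; vulnerable entries sort first."""
    order = {"vulnerable": 0, "unknown-branch": 1, "unparseable": 2, "patched": 3}
    findings = [assess(h, v) for h, v in inventory]
    return sorted(findings, key=lambda f: order[f.status])


# Constructed inventory for demonstration only.
CONSTRUCTED_INVENTORY = [
    ("fw-hq-01", "12.11.4"),
    ("fw-hq-02", "12.11.5 B735800"),
    ("fw-branch-01", "12.5.13"),
    ("fw-branch-02", "2025.1.3"),
    ("fw-lab-01", "12.10.2"),
    ("fw-bad", "unknown"),
]

if __name__ == "__main__":
    for f in triage(CONSTRUCTED_INVENTORY):
        target = f"-> {f.target}" if f.target else ""
        print(f"{f.host:14} {f.version:16} {f.status:15} {target}")
```

Feed it the version column from whatever inventory source you keep (a CMDB export, management-server report, or a manual list); anything reported as vulnerable on an appliance that exposes a management interface or runs an IPSec/IKEv2 configuration belongs at the top of the patch queue.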
