Multiple vulnerabilities in WatchGuard Fireware OS



Risk Medium
Patch available YES
Number of vulnerabilities 10
CVE-ID CVE-2025-13939
CVE-2025-13938
CVE-2025-13937
CVE-2025-13936
CVE-2025-12196
CVE-2025-12195
CVE-2025-11838
CVE-2025-12026
CVE-2025-1545
CVE-2025-13940
CWE-ID CWE-79
CWE-787
CWE-119
CWE-643
CWE-440
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Fireware OS
Operating systems & Components / Operating system

Vendor WatchGuard

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

1) Stored cross-site scripting

EUVDB-ID: #VU119382

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-13939

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Fireware OS: 11.3 - 2025.1.2

CPE2.3 External links

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00024


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Stored cross-site scripting

EUVDB-ID: #VU119381

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-13938

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in Autotask Technology Integration Configuration. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Fireware OS: 12.0 - 2025.1.2

CPE2.3 External links

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00023


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Stored cross-site scripting

EUVDB-ID: #VU119380

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-13937

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in ConnectWise Technology Integration Configuration. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Fireware OS: 12.0 - 2025.1.2

CPE2.3 External links

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00022


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Stored cross-site scripting

EUVDB-ID: #VU119379

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-13936

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in Tigerpaw Technology Integration Configuration. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Fireware OS: 12.0 - 2025.1.2

CPE2.3 External links

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00021


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds write

EUVDB-ID: #VU119378

Risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-12196

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to a boundary error in Management CLI Ping Command. A remote user can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Fireware OS: 12.0 - 2025.1.2

CPE2.3 External links

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00020


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds write

EUVDB-ID: #VU119377

Risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-12195

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to a boundary error in Management CLI IPSec Configuration. A remote user execute crafted IPSec configuration CLI commands to trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Fireware OS: 11.3 - 2025.1.2

CPE2.3 External links

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00019


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU119376

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-11838

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2. A remote attacker can trigger memory corruption and perform a denial of service attack. 

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Fireware OS: 12.11 - 2025.1.2

CPE2.3 External links

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00018


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds write

EUVDB-ID: #VU119375

Risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-12026

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input passed via certd CLI. A remote privileged user can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Fireware OS: 12.0 - 2025.1.2

CPE2.3 External links

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00017


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) XPath injection

EUVDB-ID: #VU119374

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-1545

CWE-ID: CWE-643 - Improper Neutralization of Data within XPath Expressions

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation in Web CGI. A remote non-authenticated attacker can send a specially crafted HTTP request to an exposed authentication or management web interface and retrieve sensitive information from the Firebox configuration.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Fireware OS: 11.3 - 2025.1.2

CPE2.3 External links

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00025


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Expected behavior violation

EUVDB-ID: #VU119373

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-13940

CWE-ID: CWE-440 - Expected Behavior Violation

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to violation of expected behavior. A local user can bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Fireware OS: 12.8.1 - 2025.1.2

CPE2.3 External links

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00026


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###