WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI...

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

AI Analysis

Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI allowing arbitrary code execution via specially crafted IPSec configuration CLI commands

Basic Information

ID CVE-2025-12195

Source WatchGuard

Published Dec 4, 2025 at 21:43

Affected Product

Vendor WatchGuard

Product Fireware OS

Version 11.0

Affected Versions WatchGuard Fireware OS 11.0
WatchGuard Fireware OS 12.0
WatchGuard Fireware OS 12.5
WatchGuard Fireware OS 2025.1

CWE Classification

CWE-787

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor WatchGuard

Product Fireware OS

Version 11.0, 11.12.4, 12.0, 12.11.4, 12.5, 12.5.13, 2025.1, 2025.1.2

References

www.watchguard.com /wgrd-psirt/advisory/wgsa-2025-00019

{
    "lastseen": "",
    "description": "An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code\u00a0via specially crafted IPSec configuration CLI commands.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.",
    "published": "2025-12-04T21:43:57.162Z",
    "modified": "2025-12-04T21:43:57.162Z",
    "type": "cve",
    "title": "WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI IPSec Configuration",
    "source": "WatchGuard",
    "references": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00019",
    "id": "CVE-2025-12195",
    "bulletinFamily": "",
    "cwe": [
        "CWE-787"
    ],
    "cvelist": null,
    "sourceData": "WatchGuard Fireware OS 11.0\nWatchGuard Fireware OS 12.0\nWatchGuard Fireware OS 12.5\nWatchGuard Fireware OS 2025.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Fireware OS",
    "version": "11.0",
    "vendor": "WatchGuard",
    "ai_description": "Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI allowing arbitrary code execution via specially crafted IPSec configuration CLI commands",
    "ai_severity": "High",
    "ai_vendor": "WatchGuard",
    "ai_product": "Fireware OS",
    "ai_version": "11.0, 11.12.4, 12.0, 12.11.4, 12.5, 12.5.13, 2025.1, 2025.1.2",
    "ai_score": 8.6
}

WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI IPSec Configuration_CVE-2025-12195