An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3 and 2025.1.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XWatchguard Fireboxcloud
HWWatchguardwszystkie wersjeWatchguard Firebox M270
HWWatchguardwszystkie wersjeWatchguard Firebox M290
HWWatchguardwszystkie wersjeWatchguard Firebox M370
HWWatchguardwszystkie wersjeWatchguard Firebox M390
HWWatchguardwszystkie wersjeWatchguard Firebox M440
HWWatchguardwszystkie wersjeWatchguard Firebox M4600
HWWatchguardwszystkie wersjeWatchguard Firebox M470
HWWatchguardwszystkie wersjeWatchguard Firebox M4800
HWWatchguardwszystkie wersjeWatchguard Firebox M5600
HWWatchguardwszystkie wersjeWatchguard Firebox M570
HWWatchguardwszystkie wersjeWatchguard Firebox M5800
HWWatchguardwszystkie wersjeWatchguard Firebox M590
HWWatchguardwszystkie wersjeWatchguard Firebox M670
HWWatchguardwszystkie wersjeWatchguard Firebox M690
HWWatchguardwszystkie wersjeWatchguard Firebox Nv5
HWWatchguardwszystkie wersjeWatchguard Firebox T115 W
HWWatchguardwszystkie wersjeWatchguard Firebox T125
HWWatchguardwszystkie wersjeWatchguard Firebox T125 W
HWWatchguardwszystkie wersjeWatchguard Firebox T145
HWWatchguardwszystkie wersjeWatchguard Firebox T145 W
HWWatchguardwszystkie wersjeWatchguard Firebox T15
HWWatchguardwszystkie wersjeWatchguard Firebox T185
HWWatchguardwszystkie wersjeWatchguard Firebox T20
HWWatchguardwszystkie wersjeWatchguard Firebox T25
HWWatchguardwszystkie wersjeWatchguard Firebox T35
HWWatchguardwszystkie wersjeWatchguard Firebox T40
HWWatchguardwszystkie wersjeWatchguard Firebox T45
HWWatchguardwszystkie wersjeWatchguard Firebox T55
HWWatchguardwszystkie wersjeWatchguard Firebox T70
HWWatchguardwszystkie wersje
CISA KEV — detailsi
- Vendori
- WatchGuard
- Producti
- Firebox
- Added to KEVi
- November 12, 2025
- Remediation deadline (US Federal)i
- December 3, 2025(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
WatchGuard Firebox contains an out-of-bounds write vulnerability in the OS iked process that may allow a remote unauthenticated attacker to execute arbitrary code.
Related vulnerabilities
RCE bez uwierzytelnienia w WatchGuard Fireware OS – podatność IKEv2 VPN
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. T...
An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trig...
WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from ...
WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the syst...