CVE-2025-12026
published 2025-12-04

CVE-2025-12026: An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticated privileged user to execute arbitrary…

Priority: P3 | 51 | high | 7.2 (CVSS 3.1)
Vector: AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.38% (29.5th percentile)
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands. This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| watchguard | fireware | >= 12.0.0 < 12.11.5 | 12.11.5 |
| watchguard | fireware | >= 12.5 < 12.5.14 | 12.5.14 |
| watchguard | fireware | >= 2025.1 < 2025.1.3 | 2025.1.3 |
| watchguard | fireware_os | 12.0 – 12.11.4 | |
| watchguard | fireware_os | 12.5 – 12.5.13 | |
| watchguard | fireware_os | 2025.1 – 2025.1.2 | |

CVSS provenance

nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd | v4.0 | 8.6 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X