cbcvebase.

Watchguard Fireware vulnerabilities

41 known vulnerabilities affecting watchguard/fireware.

Total CVEs
41
CISA KEV
4
actively exploited
Public exploits
3
Exploited in wild
4
Severity breakdown
CRITICAL6HIGH16MEDIUM19

Vulnerabilities

Page 1 of 3
CVE-2025-9242P1CRITICALCVSS 9.8KEVPoCRansomware≥ 11.10.2, < 12.11.4≥ 11.10.2, < 12.5.13+1 more2025-09-17
CVE-2025-9242 [CRITICAL] CWE-787 CVE-2025-9242: An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated at An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12
nvd
CVE-2022-26318P1CRITICALCVSS 9.8KEVPoC≥ 12.0.0, < 12.1.3≥ 12.5, < 12.5.9+4 more2022-03-04
CVE-2022-26318 [CRITICAL] CVE-2022-26318: On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FB On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
nvd
CVE-2025-14733P1CRITICALCVSS 9.8KEVRansomware≥ 11.10.2, < 12.5.15≥ 11.10.2, < 12.11.6+1 more2025-12-19
CVE-2025-14733 [CRITICAL] CWE-787 CVE-2025-14733: An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated at An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.
nvd
CVE-2022-23176P1HIGHCVSS 8.8KEV≥ 12.0.0, < 12.1.3≥ 12.2.0, < 12.5.7+3 more2022-02-24
CVE-2022-23176 [HIGH] CVE-2022-23176: WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to acces WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. This vulnerability impacts Fireware OS before 12.7.2_U1, 12.x before 12.1.3_U3, and 12.2.x through 12.5.x before 12.5.7_U3.
nvd
CVE-2013-6021P2CRITICALCVSS 9.3PoC≤ 11.7.4v11.0.2+10 more2013-10-19
CVE-2013-6021 [CRITICAL] CWE-119 CVE-2013-6021: Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to exe Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie.
nvd
CVE-2022-31789P2CRITICALCVSS 9.8≥ 12.0.0, < 12.1.4≥ 12.2.0, < 12.5.10+7 more2022-09-06
CVE-2022-31789 [CRITICAL] CWE-190 CVE-2022-31789: An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attack An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
nvd
CVE-2022-25361P3CRITICALCVSS 9.1≥ 12.0.0, < 12.1.3≥ 12.2.0, < 12.5.9+3 more2022-06-07
CVE-2022-25361 [CRITICAL] CVE-2022-25361: WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary f WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories on the system. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
nvd
CVE-2022-25293P3HIGHCVSS 8.8≥ 12.0.0, < 12.1.3≥ 12.2.0, < 12.5.9+4 more2022-02-24
CVE-2022-25293 [HIGH] CWE-787 CVE-2022-25293: A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticat A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
nvd
CVE-2022-25292P3HIGHCVSS 8.8≥ 12.0.0, < 12.1.3≥ 12.2.0, < 12.5.9+4 more2022-02-24
CVE-2022-25292 [HIGH] CWE-787 CVE-2022-25292: A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticat A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
nvd
CVE-2022-25291P3HIGHCVSS 8.8≥ 12.0.0, < 12.1.3≥ 12.2.0, < 12.5.9+4 more2022-02-24
CVE-2022-25291 [HIGH] CWE-190 CVE-2022-25291: An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x bef
nvd
CVE-2022-25360P3HIGHCVSS 8.8≥ 12.0.0, < 12.1.3≥ 12.2.0, < 12.5.9+4 more2022-02-24
CVE-2022-25360 [HIGH] CWE-434 CVE-2022-25360: WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged crede WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
nvd
CVE-2025-1545P3HIGHCVSS 7.5≥ 2025.1, < 2025.1.3≥ 11.11, < 12.11.5+1 more2025-12-04
CVE-2025-1545 [HIGH] CWE-91 CVE-2025-1545: An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attack An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least one authentication hotspot configured.This issue affects F
nvd
CVE-2022-31790P3HIGHCVSS 7.5≥ 12.0.0, < 12.1.4≥ 12.2.0, < 12.5.10+7 more2022-09-06
CVE-2022-31790 [HIGH] CVE-2022-31790: WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
nvd
CVE-2026-3342P3HIGHCVSS 7.2≥ 12.5, < 12.5.17≥ 2025.1, < 2026.1.2+1 more2026-03-03
CVE-2026-3342 [HIGH] CWE-787 CVE-2026-3342: An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. This vulnerability affects Fireware OS 11.9 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.
nvd
CVE-2025-12195P3HIGHCVSS 7.2≥ 2025.1, < 2025.1.3≥ 11.0, < 12.11.5+1 more2025-12-04
CVE-2025-12195 [HIGH] CWE-787 CVE-2025-12195: An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated pr An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1
nvd
CVE-2025-12026P3HIGHCVSS 7.2≥ 2025.1, < 2025.1.3≥ 12.0.0, < 12.11.5+1 more2025-12-04
CVE-2025-12026 [HIGH] CWE-787 CVE-2025-12026: An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could a An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
nvd
CVE-2025-12196P3HIGHCVSS 7.2≥ 2025.1, < 2025.1.3≥ 12.0.0, < 12.11.5+1 more2025-12-04
CVE-2025-12196 [HIGH] CWE-787 CVE-2025-12196: An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated pr An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
nvd
CVE-2025-1547P3HIGHCVSS 7.2≥ 12.0.0, < 12.11.3≥ 12.5, < 12.5.132025-12-04
CVE-2025-1547 [HIGH] CWE-121 CVE-2025-1547: A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate reques A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.2.
nvd
CVE-2024-5974P3HIGHCVSS 7.2≥ 11.9.4, < 12.5.12≥ 12.6, < 12.10.4+1 more2024-07-09
CVE-2024-5974 [HIGH] CWE-120 CVE-2024-5974: A buffer overflow in WatchGuard Fireware OS could may allow an authenticated remote attacker with pr A buffer overflow in WatchGuard Fireware OS could may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall. This issue affects Fireware OS: from 11.9.6 through 12.10.3.
nvd
CVE-2025-11838P3HIGHCVSS 7.5≥ 2025.1, < 2025.1.3≥ 12.0.0, < 12.11.52025-12-04
CVE-2025-11838 [HIGH] CWE-763 CVE-2025-11838: A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 12.6.1 up to and including 12.11.4 and 2025.1 up to
nvd
Watchguard Fireware vulnerabilities | cvebase