Watchguard Firebox
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Watchguard Firebox.
Known Exploited Watchguard Firebox Vulnerabilities
The following Watchguard Firebox vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| WatchGuard Firebox Out of Bounds Write Vulnerability |
WatchGuard Fireware OS iked process contains an out of bounds write vulnerability in the OS iked process. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code and affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer. CVE-2025-14733 Exploit Probability: 34.5% |
December 19, 2025 |
| WatchGuard Firebox Out-of-Bounds Write Vulnerability |
WatchGuard Firebox contains an out-of-bounds write vulnerability in the OS iked process that may allow a remote unauthenticated attacker to execute arbitrary code. CVE-2025-9242 Exploit Probability: 69.0% |
November 12, 2025 |
2 known exploited Watchguard Firebox vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
By the Year
In 2026 there have been 0 vulnerabilities in Watchguard Firebox. Last year, in 2025 Firebox had 4 security vulnerabilities published. Right now, Firebox is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 4 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 3 | 7.57 |
It may take a day or so for new Firebox vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Watchguard Firebox Security Vulnerabilities
OOB Write in WatchGuard FWOS CLI (12.012.11.4, 12.512.5.13, 2025.12025.1.2)
CVE-2025-12196
- December 04, 2025
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
Memory Corruption
WatchGuard Fireware OS 11.0-12.11.4 OOB Write via CLI Commands
CVE-2025-12195
- December 04, 2025
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
Memory Corruption
WatchGuard Firebox SSH 4118 Default Auth Flaw
CVE-2025-59396
- November 06, 2025
WatchGuard Fireware XSS via SIP Proxy (12.0-12.11.2)
CVE-2025-6947
- September 15, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from 12.0 through 12.11.2.
XSS
Stored XSS in WatchGuard Firebox/XTM Web UI (Before 12.8.1/12.5.10/12.1.4)
CVE-2022-31792
5.4 - Medium
- September 06, 2022
A stored cross-site scripting (XSS) vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. A remote attacker can potentially execute arbitrary JavaScript code in the management web interface by sending crafted requests to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
XSS
Integer Overflow in WatchGuard Firebox/XTM before 12.8.1
CVE-2022-31789
9.8 - Critical
- September 06, 2022
An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
Integer Overflow or Wraparound
Unauth Remote Disclosure via Auth Endpoints in WatchGuard Firebox (before 12.8.1)
CVE-2022-31790
7.5 - High
- September 06, 2022
WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Watchguard Firebox or by Watchguard? Click the Watch button to subscribe.
