Watchguard Fireware
By the Year
In 2026 there have been 0 vulnerabilities in Watchguard Fireware. Last year, in 2025, Fireware had 3 security vulnerabilities published. Right now, Fireware is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 3 | 0.00 |
| 2024 | 1 | 7.20 |
| 2023 | 0 | 0.00 |
| 2022 | 12 | 8.11 |
It may take a day or so for new Fireware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Watchguard Fireware Security Vulnerabilities
WatchGuard Fireware OS <12.12> OOB Write via Cert CLI (CVE-2025-12026)
CVE-2025-12026
- December 04, 2025
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands. This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
Memory Corruption
Firebox Pre12.11.2: Auth Admin Enables Debug Shell via Uploaded DIAG PKG
CVE-2025-4106
- October 24, 2025
An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command. This issue affects Fireware OS: from 12.0 before 12.11.2.
Active Debug Code
WatchGuard Fireware OS 12.0-12.11.1 Stored XSS via Authenticated Admin Session
CVE-2025-4805
- May 16, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Fireware OS: from 12.0 through 12.11.1.
XSS
WatchGuard Fireware OS 11.9.6-12.10.3 Buffer Overflow Allows Auth Exec
CVE-2024-5974
7.2 - High
- July 09, 2024
A buffer overflow in WatchGuard Fireware OS could allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall. This issue affects Fireware OS: from 11.9.6 through 12.10.3.
Classic Buffer Overflow
Stored XSS in WatchGuard Firebox/XTM Web UI (Before 12.8.1/12.5.10/12.1.4)
CVE-2022-31792
5.4 - Medium
- September 06, 2022
A stored cross-site scripting (XSS) vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. A remote attacker can potentially execute arbitrary JavaScript code in the management web interface by sending crafted requests to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
XSS
WatchGuard Fireware OS PrivEsc Local Shell to Root (12.8.1)
CVE-2022-31791
7.8 - High
- September 06, 2022
WatchGuard Firebox and XTM appliances allow a local attacker (that has already obtained shell access) to elevate their privileges and execute code with root permissions. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
Integer Overflow in WatchGuard Firebox/XTM before 12.8.1
CVE-2022-31789
9.8 - Critical
- September 06, 2022
An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
Integer Overflow or Wraparound
Unauth Remote Disclosure via Auth Endpoints in WatchGuard Firebox (before 12.8.1)
CVE-2022-31790
7.5 - High
- September 06, 2022
WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786
CVE-2022-26318
9.8 - Critical
- March 04, 2022
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
WatchGuard Firebox and XTM appliances
CVE-2022-25363
6.5 - Medium
- February 24, 2022
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
Memory Corruption
WatchGuard Firebox and XTM appliances
CVE-2022-25290
6.5 - Medium
- February 24, 2022
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
WatchGuard Firebox and XTM appliances
CVE-2022-23176
8.8 - High
- February 24, 2022
WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. This vulnerability impacts Fireware OS before 12.7.2_U1, 12.x before 12.1.3_U3, and 12.2.x through 12.5.x before 12.5.7_U3.
WatchGuard Firebox and XTM appliances
CVE-2022-25360
8.8 - High
- February 24, 2022
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
Unrestricted File Upload
A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances
CVE-2022-25293
8.8 - High
- February 24, 2022
A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
Memory Corruption
A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances
CVE-2022-25292
8.8 - High
- February 24, 2022
A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
Memory Corruption
An integer overflow in WatchGuard Firebox and XTM appliances
CVE-2022-25291
8.8 - High
- February 24, 2022
An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
Integer Overflow or Wraparound