PT-2025-45340 · Watchguard · Watchguard Firebox

Published

2025-11-06

Updated

2025-11-13

CVE-2025-59396

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WatchGuard Firebox versions through 2025-09-10

Description The default configuration of WatchGuard Firebox devices allows administrative access via SSH on port 4118 using the default 'readwrite' password for the 'admin' account. This allows unauthenticated access to the system. The issue has been reported as allowing unauthenticated remote command execution.

Recommendations WatchGuard Firebox versions through 2025-09-10 should have the default 'readwrite' password for the 'admin' account changed immediately. Restrict SSH access to the affected devices.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1188

Related Identifiers

CVE-2025-59396

Affected Products

Watchguard Firebox

PT-2025-45340 · Watchguard · Watchguard Firebox

CVE-2025-59396

Weakness Enumeration

Related Identifiers

Affected Products

References · 12