CVE-2025-12195

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.0 through 11.12.4+541730 WatchGuard Fireware OS versions 12.0 through 12.11.4 WatchGuard Fireware OS versions 12.5 through 12.5.13 WatchGuard Fireware OS versions 2025.1 through 2025.1.2

Description An out-of-bounds write issue exists in the Command Line Interface (CLI) of WatchGuard Fireware OS. A user with privileged access can potentially execute arbitrary code by using specifically designed IPSec configuration commands. The issue stems from improper handling of input when configuring IPSec, allowing a malicious actor to write data beyond the allocated buffer. This could lead to system compromise.

Recommendations WatchGuard Fireware OS versions 11.0 through 11.12.4+541730 should be updated. WatchGuard Fireware OS versions 12.0 through 12.11.4 should be updated. WatchGuard Fireware OS versions 12.5 through 12.5.13 should be updated. WatchGuard Fireware OS versions 2025.1 through 2025.1.2 should be updated.