CVE-2025-12195
Essential information
- Published
- 04/12/2025 22:15
- Modified
- 10/12/2025 15:56
- Author
- —
- Creator
- —
- CVSS
- 8.6 HIGH (v3) 8.6 HIGH (v4.0)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
—
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Privileges required
- —
- User interaction
- —
- Scope
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Attack requirements
- NONE
- Privileges required
- HIGH
- User interaction
- NONE
- Confidentiality (V)
- HIGH
- Confidentiality (S)
- NONE
- Integrity (V)
- HIGH
- Integrity (S)
- NONE
- Availability (V)
- HIGH
- Availability (S)
- NONE
- Exploit maturity
- NOT_DEFINED
Description
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.
NVD status
- Status
- Analyzed — CVE has had analysis completed and all data associations made.
- Source
- 5d1c2695-1a31-4499-88ae-e847036fd7e3
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| watchguard / fireware | cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:* |
| watchguard / firebox t115-w | cpe:2.3:h:watchguard:firebox_t115-w:-:*:*:*:*:*:*:* |
| watchguard / firebox t125 | cpe:2.3:h:watchguard:firebox_t125:-:*:*:*:*:*:*:* |
| watchguard / firebox t125-w | cpe:2.3:h:watchguard:firebox_t125-w:-:*:*:*:*:*:*:* |
| watchguard / firebox t145 | cpe:2.3:h:watchguard:firebox_t145:-:*:*:*:*:*:*:* |
| watchguard / firebox t145-w | cpe:2.3:h:watchguard:firebox_t145-w:-:*:*:*:*:*:*:* |
| watchguard / firebox t185 | cpe:2.3:h:watchguard:firebox_t185:-:*:*:*:*:*:*:* |
| watchguard / fireware | cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:* |
| watchguard / firebox m270 | cpe:2.3:h:watchguard:firebox_m270:-:*:*:*:*:*:*:* |
| watchguard / firebox m290 | cpe:2.3:h:watchguard:firebox_m290:-:*:*:*:*:*:*:* |
| watchguard / firebox m370 | cpe:2.3:h:watchguard:firebox_m370:-:*:*:*:*:*:*:* |
| watchguard / firebox m390 | cpe:2.3:h:watchguard:firebox_m390:-:*:*:*:*:*:*:* |
| watchguard / firebox m440 | cpe:2.3:h:watchguard:firebox_m440:-:*:*:*:*:*:*:* |
| watchguard / firebox m4600 | cpe:2.3:h:watchguard:firebox_m4600:-:*:*:*:*:*:*:* |
| watchguard / firebox m470 | cpe:2.3:h:watchguard:firebox_m470:-:*:*:*:*:*:*:* |
| watchguard / firebox m4800 | cpe:2.3:h:watchguard:firebox_m4800:-:*:*:*:*:*:*:* |
| watchguard / firebox m5600 | cpe:2.3:h:watchguard:firebox_m5600:-:*:*:*:*:*:*:* |
| watchguard / firebox m570 | cpe:2.3:h:watchguard:firebox_m570:-:*:*:*:*:*:*:* |
| watchguard / firebox m5800 | cpe:2.3:h:watchguard:firebox_m5800:-:*:*:*:*:*:*:* |
| watchguard / firebox m590 | cpe:2.3:h:watchguard:firebox_m590:-:*:*:*:*:*:*:* |
| watchguard / firebox m670 | cpe:2.3:h:watchguard:firebox_m670:-:*:*:*:*:*:*:* |
| watchguard / firebox m690 | cpe:2.3:h:watchguard:firebox_m690:-:*:*:*:*:*:*:* |
| watchguard / firebox nv5 | cpe:2.3:h:watchguard:firebox_nv5:-:*:*:*:*:*:*:* |
| watchguard / firebox t20 | cpe:2.3:h:watchguard:firebox_t20:-:*:*:*:*:*:*:* |
| watchguard / firebox t25 | cpe:2.3:h:watchguard:firebox_t25:-:*:*:*:*:*:*:* |
| watchguard / firebox t40 | cpe:2.3:h:watchguard:firebox_t40:-:*:*:*:*:*:*:* |
| watchguard / firebox t45 | cpe:2.3:h:watchguard:firebox_t45:-:*:*:*:*:*:*:* |
| watchguard / firebox t55 | cpe:2.3:h:watchguard:firebox_t55:-:*:*:*:*:*:*:* |
| watchguard / firebox t70 | cpe:2.3:h:watchguard:firebox_t70:-:*:*:*:*:*:*:* |
| watchguard / firebox t80 | cpe:2.3:h:watchguard:firebox_t80:-:*:*:*:*:*:*:* |
| watchguard / firebox t85 | cpe:2.3:h:watchguard:firebox_t85:-:*:*:*:*:*:*:* |
| watchguard / fireboxcloud | cpe:2.3:h:watchguard:fireboxcloud:-:*:*:*:*:*:*:* |
| watchguard / fireboxv | cpe:2.3:h:watchguard:fireboxv:-:*:*:*:*:*:*:* |
| watchguard / fireware | cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:* |
| watchguard / firebox t15 | cpe:2.3:h:watchguard:firebox_t15:-:*:*:*:*:*:*:* |
| watchguard / firebox t35 | cpe:2.3:h:watchguard:firebox_t35:-:*:*:*:*:*:*:* |