Threat Advisory

Multiple High-Severity Flaws Discovered in Firewall Operating System

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

A set of high-severity flaws in a widely used firewall operating system has been addressed, resolving weaknesses that could allow attackers to crash VPN services, retrieve sensitive configuration data, and execute arbitrary commands through the management interface. The issues stem from memory corruption in IKEv2 VPN handling, XPath injection in the web interface, and out-of-bounds write conditions within CLI modules, creating risks of service disruption, data exposure, and elevated control if a privileged account is compromised.

  • CVE-2025-11838 (CVSS 8.7) – A memory corruption flaw in the IKEv2 VPN process that allows an unauthenticated attacker to trigger a Denial-of-Service condition.
  • CVE-2025-1545 (CVSS 7.5) – An XPath injection issue in the web management interface that allows an unauthenticated attacker to retrieve sensitive configuration information.
  • CVE-2025-12026 (CVSS 8.0) – An out-of-bounds write vulnerability in the CLI certificate request module that allows authenticated privileged users to execute arbitrary code.
  • CVE-2025-12195 (CVSS 8.1) – An out-of-bounds write vulnerability in the CLI IPSec configuration module that allows authenticated privileged users to execute arbitrary code.

The update removes critical weaknesses that exposed VPN stability and management-plane security to significant risk. Applying the latest firmware versions ensures these attack paths are fully mitigated and system functionality remains reliable.

RECOMMENDATION:

We strongly recommend that you update Fireware OS to one of the following versions:

  • Fireware OS 12.11.5
  • Fireware OS 12.5.14 (for T15/T35 models)
  • Fireware OS 2025.1.3
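
To check a fleet against the fixed releases listed above, the following added example (not part of the original advisory or the vendor's tooling) audits a CSV inventory and flags devices that still need the update. The inventory format, device names and models, and the branch mapping in `required_version` are assumptions made for illustration.

```python
import csv
import io

# Fixed releases from the advisory's recommendation list.
FIXED_2025 = (2025, 1, 3)
FIXED_12_11 = (12, 11, 5)
FIXED_12_5 = (12, 5, 14)          # listed for T15/T35 models only
LEGACY_MODELS = {"T15", "T35"}

# Constructed sample inventory (device names and models are made up).
SAMPLE_INVENTORY = """name,model,version
edge-fw-01,M470,12.11.4
branch-fw-07,T35-W,12.5.13
branch-fw-09,T15,12.5.14
dc-fw-02,M590,2025.1.2
dc-fw-03,M590,2025.1.3
lab-fw-01,T45,not-reported
"""

def parse_version(text):
    """Turn '12.11.4' into (12, 11, 4); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)

def required_version(model, installed):
    """Assumed branch mapping: 2025.x, T15/T35 on 12.5.x, everything else 12.11.x."""
    if installed[0] >= 2025:
        return FIXED_2025
    base_model = model.upper().split("-")[0]   # 'T35-W' -> 'T35'
    return FIXED_12_5 if base_model in LEGACY_MODELS else FIXED_12_11

def audit(inventory_csv):
    """Return (name, status, target) per device; status is OK, UPDATE or UNKNOWN."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            installed = parse_version(row["version"])
        except ValueError:
            results.append((row["name"], "UNKNOWN", None))   # verify by hand
            continue
        target = required_version(row["model"], installed)
        status = "OK" if installed >= target else "UPDATE"
        results.append((row["name"], status, ".".join(map(str, target))))
    return results

if __name__ == "__main__":
    for name, status, target in audit(SAMPLE_INVENTORY):
        print(f"{name:14} {status:8} fixed release: {target}")
```

Devices reported as UNKNOWN did not return a parseable version string and should be checked manually rather than assumed patched.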

REFERENCES:

The following reports contain further technical details:

https://securityonline.info/high-severity-watchguard-flaws-risk-vpn-dos-and-rce-via-ikev2-memory-corruption/
