Diagnostic Shell Vulnerability in Firebox Fireware OS by WatchGuard
CVE-2025-4106
8.9 HIGH
What is CVE-2025-4106?
An authenticated admin user with access to both the management WebUI and the command line interface on a Firebox device can enable a diagnostic debug shell. This is done by uploading a platform- and version-specific diagnostic package and executing a previously unused diagnostic command. The vulnerability potentially allows unauthorized access to sensitive system details and operations, raising concerns over the security integrity of the affected Fireware OS versions.
Affected Version(s)
Fireware OS 12.0 < 12.11.2
