SSH Administrative Access Vulnerability in WatchGuard Firebox Devices
CVE-2025-59396

9.8CRITICAL

Key Information:

Vendor: WatchGuard
Status: Firebox
Vendor: CVE Published:; 6 November 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-59396?

The default configuration for WatchGuard Firebox devices through September 10, 2025, permits unauthorized administrative access via SSH on port 4118 using a publicly known readwrite password for the admin account. This vulnerability exposes critical network management interfaces, allowing attackers to potentially gain control over the system and execute malicious activities.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-59396
Created by cyberbyte000

References

https://www.watchguard.com/wgrd-products/firewalls

https://github.com/cyberbyte000/CVE-2025-59396/blob/main/...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 6, 2025
🟡
Public PoC available
Nov 3, 2025
👾
Exploit known to exist
Nov 3, 2025
Vulnerability Reserved
Sep 15, 2025

JSON