Detections
Analytics
WatchGuard Firebox OS 2025.1 / 12.x < 12.11.4 / 12.5.x < 12.5.13 / 11.x Out of Bounds Write Vulnerability
critical Nessus Plugin ID 277584
Synopsis
A network security appliance running on the remote host is affected by out of bounds Write vulnerability.Description
According to its self-reported version, the instance of WatchGuard Firebox OS running on the remote host is 2025.1, 12.x prior to 12.11.4, 12.5.x prior to 12.5.13, or 11.x. It is, therefore, affected by out of bounds Write vulnerability.An Out-of-bounds Write vulnerability in the WatchGuard Fireware OS iked process may allow a remote unauthenticated attacker to execute arbitrary code.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Drupal version 10.4.9 / 10.5.6 / 11.1.9 / 11.2.8 or later.See Also
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015
Plugin Details
Severity: Critical
ID: 277584
File Name: watchGuard_firebox_CVE-2025-9242.nasl
Version: 1.1
Type: remote
Family: CGI abuses
Published: 12/5/2025
Updated: 12/5/2025
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.4
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4
Risk Factor: Critical
Base Score: 9.3
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Vulnerability Information
CPE: cpe:/o:watchguard:fireware
Required KB Items: installed_sw/WatchGuard FireboxV
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/17/2025
Vulnerability Publication Date: 9/17/2025
CISA Known Exploited Vulnerability Due Dates: 11/12/2025
Reference Information
CVE: CVE-2025-9242